Latest ibm spectrum scale Vulnerabilities

CVE-2022-43843
IBM Spectrum Scale information disclosure
IBM Spectrum Scale=5.1.5.0
IBM Spectrum Scale=5.1.5.1
IBM Spectrum Scale<=5.1.5.0 - 5.1.5.1
IBM-7094941
IBM Spectrum Scale<=5.1.5.0 - 5.1.5.1
IBM-6988365
IBM Spectrum Scale<=5.1.0.0 - 5.1.2.9
IBM Spectrum Scale<=5.1.3.0 - 5.1.6.1
CVE-2023-30434
IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cau...
IBM Spectrum Scale<=5.1.0.0
IBM Spectrum Scale<=5.1.3.0
IBM Elastic Storage System<=6.1.0.0
IBM Elastic Storage System<=6.1.3.0
IBM Spectrum Scale<=5.1.6.1
IBM Spectrum Scale<=5.1.2.9
and 8 more
CVE-2020-4927
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: ...
IBM Spectrum Scale>=5.0.5.0<5.1.7.0
IBM Spectrum Scale<=5.0.5.0 - 5.1.6.1
IBM-6960571
IBM Spectrum Scale<=5.0.5.0 - 5.1.6.1
CVE-2022-43869
IBM Spectrum Scale could allow an authenticated user to cause a denial of service through the GUI using a format string attack.
IBM Elastic Storage System<=6.1.0.0 - 6.1.2.4
IBM Elastic Storage System<=6.1.3.0 - 6.1.4.1
IBM Elastic Storage System>=6.1.0.0<=6.1.2.4
IBM Elastic Storage System>=6.1.3.0<=6.1.4.1
IBM Spectrum Scale>=5.1.0.0<=5.1.2.8
IBM Spectrum Scale>=5.1.3.0<=5.1.5.1
and 1 more
IBM-6909465
IBM Spectrum Scale<=5.1.0.0 - 5.1.2.8
IBM Spectrum Scale<=5.1.3.0 - 5.1.5.1
CVE-2022-40607
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host file...
IBM Spectrum Scale<=5.1.4.0
Linux Linux kernel
IBM Spectrum Scale<=CSI 2.6.0 or before (CNSA 5.1.4.0 or before)
CVE-2020-4926
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. I...
IBM Elastic Storage System<6.1.3.0
IBM Spectrum Scale<5.1.3.0
Linux Linux kernel
IBM Elastic Storage System<=ALL
CVE-2022-22368
IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.
IBM Spectrum Scale>=5.1.0<=5.1.3.0
IBM AIX
Linux Linux kernel
Microsoft Windows
IBM Spectrum Scale<=5.1.0 - 5.1.3.0
IBM-6579139
IBM Spectrum Scale<=5.1.0 - 5.1.3.0
CVE-2020-4925
A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599...
IBM Spectrum Scale=5.0.0
IBM Spectrum Scale=5.1.0
Linux Linux kernel
IBM Spectrum Scale<=ALL
IBM-6560094
IBM Spectrum Scale<=ALL
IBM-6516426
IBM Spectrum Scale<=5.1.0 - 5.1.1.1
CVE-2021-29740
IBM Spectrum Scalefile system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating th...
IBM Spectrum Scale<=5.0.0 - 5.0.5.6
IBM Spectrum Scale<=5.1.0 - 5.1.0.3
IBM Spectrum Scale>=5.0.0.0<5.0.5.7
IBM Spectrum Scale>=5.1.0<5.1.1.0
IBM-6457629
IBM Spectrum Scale<=5.0.0 - 5.0.5.6
IBM Spectrum Scale<=5.1.0 - 5.1.0.3
CVE-2021-29708
IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force ID: 200883.
IBM Spectrum Scale=5.1.0.1
IBM Spectrum Scale (CNSA)<=5.1.0.1
IBM-6447077
IBM Spectrum Scale<=5.0.4.1 - 5.1.0.3 (CSI V1.0.0 - V2.1.0)
CVE-2020-4981
IBM Spectrum Scale could allow a local privileged user to overwrite files due to improper input validation.
IBM Spectrum Scale<=5.0.4.1 - 5.1.0.3 (CSI V1.0.0 - V2.1.0)
IBM Spectrum Scale>=5.0.4.1<=5.1.0.3
IBM-6447107
IBM Spectrum Scale<=5.0.0 - 5.0.5.6
IBM Spectrum Scale<=5.1.0 - 5.1.0.2
CVE-2021-29667
IBM Spectrum Scale is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents.
IBM Spectrum Scale<=5.0.0 - 5.0.5.6
IBM Spectrum Scale<=5.1.0 - 5.1.0.2
IBM Spectrum Scale>=5.0.0<=5.0.5.6
IBM Spectrum Scale>=5.1.0<=5.1.0.2
Linux Linux kernel
CVE-2021-29666
IBM Spectrum Scale is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading ...
IBM Spectrum Scale<=5.0.0 - 5.0.5.6
IBM Spectrum Scale<=5.1.0 - 5.1.0.2
IBM Spectrum Scale>=5.0.0<=5.0.5.6
IBM Spectrum Scale>=5.1.0<=5.1.0.2
Linux Linux kernel
IBM-6441429
IBM Spectrum Scale<=5.1.0.1
CVE-2021-29671
IBM Spectrum Scale could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled.
IBM Spectrum Scale<=5.1.0.1
IBM Spectrum Scale>=5.1.0.1<5.1.0.2
IBM-6430147
IBM Spectrum Scale<=5.0.0 - 5.0.5.5
IBM Spectrum Scale<=5.1.0 - 5.1.0.2
CVE-2020-4890
IBM Spectrum Scale could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting.
IBM Spectrum Scale<=5.0.0 - 5.0.5.5
IBM Spectrum Scale<=5.1.0 - 5.1.0.2
IBM Spectrum Scale>=5.0.0.0<=5.0.5.5
IBM Spectrum Scale>=5.1.0.0<=5.1.0.2
IBM-6405774
IBM Spectrum Scale<=5.0.0 - 5.0.5.4 (HDFS Transparency version - 3.1.0)
IBM Spectrum Scale<=5.1.0 - 5.1.0.1 (HDFS Transparency version - 3.1.0)
IBM-6405776
IBM Spectrum Scale<=5.0.0 - 5.0.5.4
IBM Spectrum Scale<=5.1.0
CVE-2020-4756
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the...
IBM Elastic Storage Server>=6.0.0.0<=6.0.1.0
IBM Spectrum Scale>4.2.0.0<=4.2.3.23
IBM Spectrum Scale>5.0.0.0<=5.0.5.2
IBM-6349449
IBM Spectrum Scale<=5.0.0 -  5.0.5.2
CVE-2020-4748
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...
IBM Spectrum Scale>5.0.0.0<=5.0.5.2
IBM Spectrum Scale<=5.0.0 -  5.0.5.2
CVE-2020-4755
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...
IBM Spectrum Scale>5.0.0.0<=5.0.5.2
IBM Spectrum Scale<=5.0.0 -  5.0.5.2
CVE-2020-4749
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a use...
IBM Spectrum Scale>5.0.0.0<=5.0.5.2
IBM Spectrum Scale<=5.0.0 -  5.0.5.2
CVE-2020-4491
IBM Spectrum Scale could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash.
IBM Spectrum Scale>4.2.0.0<=4.2.3.22
IBM Spectrum Scale>5.0.0.0<=5.0.5
CVE-2020-4492
IBM Spectrum Scale could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments.
IBM Spectrum Scale>=4.2.0.0<=4.2.3.21
IBM Spectrum Scale>=5.0.0.0<=5.0.4.3
CVE-2020-4358
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional...
IBM Spectrum Scale>=5.0.0.0<=5.0.4.4
CVE-2020-4379
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158.
IBM Spectrum Scale>=5.0.0.0<=5.0.4.4
CVE-2020-4350
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424.
IBM Spectrum Scale>=5.0.0.0<=5.0.4.4
CVE-2020-4357
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be u...
IBM Spectrum Scale>=5.0.0.0<=5.0.4.4
CVE-2020-4378
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157.
IBM Spectrum Scale>=5.0.0.0<=5.0.4.4
CVE-2020-4348
IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ...
IBM Spectrum Scale>=4.2.0.0<=4.2.3.21
IBM Spectrum Scale>=5.0.0.0<=5.0.4.4
CVE-2020-4349
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423.
IBM Spectrum Scale>=5.0.0.0<=5.0.4.4
IBM-6214483
IBM Spectrum Scale<=5.0.0 - 5.0.4.4
IBM-6214482
IBM Spectrum Scale<=5.0.0.0 - 5.0.4.4
IBM-6214484
IBM Spectrum Scale<=V5.0.0 - V5.0.4.4
IBM-6214481
IBM Spectrum Scale<=5.0.0.0 - 5.0.4.4
CVE-2020-4412
The Spectrum Scale file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the...
IBM Spectrum Scale>=4.2.0.0<=4.2.3.21
IBM Spectrum Scale>=5.0.0.0<=5.0.4.3
IBM AIX
Linux Linux kernel
CVE-2020-4411
The Spectrum Scale file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected syste...
IBM Spectrum Scale>=4.2.0.0<=4.2.3.21
IBM Spectrum Scale>=5.0.0.0<=5.0.4.3
IBM AIX
Linux Linux kernel
IBM-6151701
IBM Spectrum Scale<=All

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203