Total
57 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4756 | 1 Ibm | 2 Elastic Storage Server, Spectrum Scale | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599. | |||||
CVE-2020-4851 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450. | |||||
CVE-2020-4891 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974. | |||||
CVE-2020-4890 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973. | |||||
CVE-2020-4350 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424. | |||||
CVE-2020-4358 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762. | |||||
CVE-2020-4349 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423. | |||||
CVE-2020-4378 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157. | |||||
CVE-2020-4492 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992. | |||||
CVE-2020-4379 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158. | |||||
CVE-2020-4242 | 1 Ibm | 2 Spectrum Protect Plus, Spectrum Scale | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419. | |||||
CVE-2020-4348 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414 | |||||
CVE-2020-4241 | 1 Ibm | 2 Spectrum Protect Plus, Spectrum Scale | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. | |||||
CVE-2020-4412 | 2 Ibm, Linux | 3 Aix, Spectrum Scale, Linux Kernel | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987. | |||||
CVE-2020-4411 | 2 Ibm, Linux | 3 Aix, Spectrum Scale, Linux Kernel | 2023-12-10 | 4.9 MEDIUM | 7.1 HIGH |
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986. | |||||
CVE-2020-4273 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 6.9 MEDIUM | 7.8 HIGH |
IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977. | |||||
CVE-2020-4357 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761. | |||||
CVE-2019-4665 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247. | |||||
CVE-2019-4558 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files. | |||||
CVE-2019-4715 | 1 Ibm | 1 Spectrum Scale | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093. |