IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: ...
6.5CVSS
5.9AI Score
0.0004EPSS
LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force...
5.3CVSS
5.2AI Score
0.0004EPSS
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: ...
7.5CVSS
5.5AI Score
0.001EPSS
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root...
7.8CVSS
7.6AI Score
0.0004EPSS
IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
7.5CVSS
7.2AI Score
0.001EPSS
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate...
8.2CVSS
7.5AI Score
0.0004EPSS
IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
7.5CVSS
7.2AI Score
0.001EPSS
Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery...
9.1CVSS
9.1AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.0005EPSS
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: ...
7.8CVSS
7.1AI Score
0.0004EPSS
IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality. IBM X-Force ID: ...
6.2CVSS
4.6AI Score
0.0004EPSS
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. IBM X-Force ID: ...
8.4CVSS
7.4AI Score
0.0004EPSS
IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: ...
4.9CVSS
4.8AI Score
0.001EPSS
IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID:...
7.5CVSS
7AI Score
0.001EPSS
IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: ...
6.2CVSS
5.1AI Score
0.0004EPSS
IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: ...
8.4CVSS
7.1AI Score
0.0004EPSS
IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID:...
8.4CVSS
7.9AI Score
0.0004EPSS
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: ...
8.2CVSS
7.9AI Score
0.001EPSS
IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID:....
6.1CVSS
6AI Score
0.001EPSS
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: ...
6.5CVSS
6.1AI Score
0.001EPSS
An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: ...
8.8CVSS
8.4AI Score
0.001EPSS
IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: ...
6.5CVSS
6.2AI Score
0.001EPSS
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID:...
5.9CVSS
5.3AI Score
0.001EPSS
IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:...
7.5CVSS
7.2AI Score
0.001EPSS
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID:...
6.8CVSS
6.3AI Score
0.001EPSS
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID:...
6.8CVSS
5.3AI Score
0.001EPSS
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID:...
7.8CVSS
7.5AI Score
0.0004EPSS
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access...
7.5CVSS
7.1AI Score
0.001EPSS
Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private...
5.9CVSS
5.4AI Score
0.001EPSS
The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive...
6.5CVSS
6.7AI Score
0.001EPSS
The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the...
8.1CVSS
7.7AI Score
0.001EPSS
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection...
5.5CVSS
6.2AI Score
0.0005EPSS
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive...
4.2CVSS
5.1AI Score
0.001EPSS
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and...
5.5CVSS
6.3AI Score
0.0004EPSS
IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID:...
6.5CVSS
6.2AI Score
0.001EPSS
Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API...
7.5CVSS
7.3AI Score
0.008EPSS
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID:...
5.5CVSS
5AI Score
0.0004EPSS
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID:...
6.5CVSS
6.2AI Score
0.001EPSS
IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID:...
7.5CVSS
7.2AI Score
0.001EPSS
IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session...
8.8CVSS
8.4AI Score
0.002EPSS
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain...
9.8CVSS
9.1AI Score
0.002EPSS
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID:...
5.3CVSS
5.2AI Score
0.001EPSS
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force...
9.8CVSS
9AI Score
0.002EPSS
A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by...
8.8CVSS
8.4AI Score
0.001EPSS
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which....
5.4CVSS
5.3AI Score
0.001EPSS
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID:...
5.3CVSS
4.8AI Score
0.001EPSS
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once....
4.5CVSS
4.5AI Score
0.001EPSS
IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum...
3.3CVSS
3.9AI Score
0.0004EPSS
IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID:...
8.8CVSS
8.4AI Score
0.001EPSS
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are.....
7.5CVSS
7.3AI Score
0.001EPSS