28 matches found

EUVD
added 2025/10/03 8:7 p.m., 20 views

EUVD-2023-55677

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.1, EPSS 0.00497
Exploits 0, References 2

BDU FSTEC
added 2025/02/03 12:0 a.m., 5 views

The vulnerability of the hyperconverged infrastructure of IBM Storage Fusion HCI arises from insufficient channel restrictions for specific endpoints, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the hyperconverged infrastructure of IBM Storage Fusion HCI lies in the insufficient restrictions on communication channels for specified endpoints. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

CVSS 4, AI score 5.5, EPSS 0.00218
Exploits 0, References 2, Affected Software 2

IBM Security Bulletins
added 2024/05/21 4:27 p.m., 34 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to arbitrary code execution due to Node.js IP package.

Summary IP from Node.js is used by IBM Storage Fusion HCI as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the...

CVSS 9.8, AI score 9.3, EPSS 0.01613
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2024/05/11 4:57 p.m., 44 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service, authentication bypass, and incorrect privilege assignment due to Golang vulnerabilities.

Summary IBM Storage Fusion HCI uses Golang packages that may cause Fusion to be vulnerable to denial of service, authentication bypass, and incorrect privilege assignment. CVE-2018-20699, CVE-2023-48795, CVE-2022-21698, CVE-2021-41190, CVE-2023-39325, CVE-2022-29526, CVE-2023-45288. Vulnerability...

CVSS 7.5, AI score 8.2, EPSS 0.9378
Exploits 6, Affected Software 1

IBM Security Bulletins
added 2024/05/11 4:57 p.m., 35 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to directory traversal due to Beego.

Summary Beego is used by IBM Storage Fusion HCI as part of the user interface. See Vulnerability Details below. CVE-2022-31836, CVE-2022-31259. Vulnerability Details CVEID:CVE-2022-31836 DESCRIPTION: Beego could allow a remote attacker to traverse directories on the system, caused by a flaw in th...

CVSS 9.8, AI score 9.3, EPSS 0.21573
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2024/05/11 4:56 p.m., 41 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to HTTP request smuggling, denial of service due to aiohttp, cryptography.

Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-23829, CVE-2024-23334, CVE-2024-1135, CVE-2024-26130. Vulnerability Details CVEID:CVE-2024-23829 DESCRIPTION: aio-libs...

CVSS 7.5, AI score 7.5, EPSS 0.76875
Exploits 16, Affected Software 1

IBM Security Bulletins
added 2024/05/11 4:55 p.m., 22 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service due to Apache Commons Compress and ion-java.

Summary commons-compress and ion-java are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is...

CVSS 8.1, AI score 7, EPSS 0.00898
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/05/11 4:54 p.m., 33 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to phishing attacks and cross-site request forgery due to follow-redirects and Axios.

Summary follow-redirects and Axios are used by IBM Storage Fusion HCI as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159, CVE-2023-45857. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing...

CVSS 7.3, AI score 6.8, EPSS 0.00797
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2024/05/11 4:54 p.m., 33 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service, cross-site scripting, and obtaining sensitive information due to Pypa, Pallets Jinja, requests, and urllib3.

Summary Python packages Pypa, Pallets Jinja, requests, and urllib3 are used by IBM Storage Fusion HCI as part of the installer and may be vulnerable to the CVEs listed below. CVE-2022-40897, CVE-2024-22195, CVE-2023-32681, CVE-2023-43804. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pyp...

CVSS 8.1, AI score 7.1, EPSS 0.02782
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2024/05/11 4:54 p.m., 31 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to elevated privileges due to OpenShift.

Summary OpenShift included with IBM Storage Fusion HCI is affected by the CVE listed below. CVE-2023-5408. Vulnerability Details CVEID:CVE-2023-5408 DESCRIPTION: OpenShift Kubernetes could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the node...

CVSS 7.2, AI score 7, EPSS 0.01112
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/05/11 4:52 p.m., 28 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to unauthorized access due to a flaw in Ceph RGW.

Summary Ceph is used by IBM Storage Fusion HCI if IBM Storage Fusion HCI is configured with the Data Foundation service. CVE-2023-43040. Vulnerability Details CVEID:CVE-2023-43040 DESCRIPTION: IBM Spectrum Fusion HCI could allow an attacker to perform unauthorized actions in RGW for Ceph due to...

CVSS 9.8, AI score 6.3, EPSS 0.02539
Exploits 1, Affected Software 1

OSV
added 2024/01/08 2:15 a.m., 6 views

CVE-2023-50948

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671...

CVSS 9.8, AI score 5.8, EPSS 0.00497
Exploits 0, References 2

NVD
added 2024/01/08 2:15 a.m., 11 views

CVE-2023-50948

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671...

CVSS 9.8, AI score 7.9, EPSS 0.00497
Exploits 0, References 2

Prion
added 2024/01/08 2:15 a.m., 11 views

Hardcoded credentials

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671...

CVSS 7.5, AI score 6.8, EPSS 0.00497
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2024/01/08 1:43 a.m., 5 views

CVE-2023-50948 IBM Storage Fusion HCI information disclosure

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671...

CVSS 6.5, AI score 9.1, EPSS 0.00497
Exploits 0, References 2

CVE
added 2024/01/08 1:43 a.m., 43 views

CVE-2023-50948

IBM Storage Fusion HCI 2.1.0–2.6.1 contains hard-coded credentials used for its own inbound authentication, outbound communication to external components, or encryption of internal data. Root cause is hard-coded credentials in versions 2.1.0–2.6.1. Impact as described: potential exposure of confi...

CVSS 9.8, AI score 8.9, EPSS 0.00497
Exploits 0, References 2, Affected Software 1

Cvelist
added 2024/01/08 1:43 a.m., 13 views

CVE-2023-50948 IBM Storage Fusion HCI information disclosure

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671...

CVSS 6.5, AI score 9.1, EPSS 0.00497
Exploits 0, References 2

IBM Security Bulletins
added 2024/01/05 5:30 p.m., 27 views

Security Bulletin: IBM Storage Fusion HCI uses hard-coded credentials for its own authentication with Active File Management (CVE-2023-50948)

Summary IBM Storage Fusion HCI uses default credentials for Active File Management AFM authentication. Vulnerability Details CVEID:CVE-2023-50948 DESCRIPTION: IBM Storage Fusion HCI contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound...

CVSS 9.8, AI score 8, EPSS 0.00497
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/01/03 10:34 p.m., 25 views

Security Bulletin: IBM Storage Fusion HCI could be vulnerable to code injection via use of quartz/quartz-jobs [CVE-2023-39017]

Summary The Java library quartz/quartz-jobs is used by IBM Storage Fusion HCI for backup scheduling. A vulnerability in this library includes code injection that could lead to execution of arbitrary code as described in the CVE listed in the 'Vulnerabilities Details' section. This bulletin...

CVSS 9.8, AI score 9.8, EPSS 0.01017
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2023/12/21 5:31 p.m., 17 views

Security Bulletin: IBM Storage Fusion HCI may be vulnerable to denial of service due to Pallets Werkzeug (CVE-2023-46136)

Summary The Python library Pallets Werkzeug is used by IBM Storage Fusion HCI's backup and restore function for WSGI utilities. A vulnerability in this library could lead to Denial of Service as described in the CVE listed in the "Vulnerability Details" section. Vulnerability Details...

CVSS 8, AI score 7.2, EPSS 0.01072
Exploits 0, Affected Software 1