CVE-2020-4686

CVE-2020-4686 affects IBM Spectrum Virtualize (and related IBM Storage products) with a vulnerability in LDAP authentication that could let a remote, LDAP-authenticated user escalate privileges. Affected versions include IBM SAN Volume Controller and Storwize family on 8.3.1. The IBM Security Bul...

CVE-2020-4686

IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678...

CVE-2018-1775

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757...

CVE-2018-1775

CVE-2018-1775 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. The vulnerability allows an authenticated user to download arbitrary files from the operating system via the Service Assistant GUI. Affected software includes versions 7.5 through ...

IBM SVC or IBM Storwize storage LUN can be deleted under specific circumstances

Challenge | Newly created LUNs on IBM storages that utilize the Spectrum Virtualize Software with Veeam B&RIBM SVC or IBM FlashSystem, under very specific circumstances, can be deleted by Veeam B&R. --- Cause | Spectrum Virtualize software has the ability to reuse LUN IDs, which are not set to be...

Microsoft Windows: User Account Control: Virtualize file and registry write failures to per-user locations

This policy setting enables or disables the redirection of the write failures of earlier applications to defined locations in the registry and the file system. This feature mitigates applications that historically ran as administrator and wrote runtime application data to %ProgramFiles%, %Windir%...

File Access Vulnerability in Multiple IBM Products (CNVD-2018-13180)

IBM SAN Volume Controller SVC, built with IBM Spectrum Storage software, is a reliable system that helps improve the data value, security and ease of use of new and existing storage infrastructures.The IBM Storwize product family provides all-flash, hybrid storage solutions with common features a...

Cross-site scripting vulnerability in multiple IBM products (CNVD-2018-13181)

IBM SAN Volume Controller SVC, built with IBM Spectrum Storage software, is a reliable system that helps improve the data value, security and ease of use of new and existing storage infrastructures.The IBM Storwize product family provides all-flash, hybrid storage solutions with common features a...

Multiple IBM Products Arbitrary File Read Vulnerability

IBM SAN Volume Controller SVC, built with IBM Spectrum Storage software, is a reliable system that helps improve the data value, security and ease of use of new and existing storage infrastructures.The IBM Storwize product family provides all-flash, hybrid storage solutions with common features a...

Arbitrary File Read Vulnerability in Multiple IBM Products (CNVD-2018-13174)

IBM SAN Volume Controller SVC, built with IBM Spectrum Storage software, is a reliable system that helps improve the data value, security and ease of use of new and existing storage infrastructures.The IBM Storwize product family provides all-flash, hybrid storage solutions with common features a...

Cross-site request forgery vulnerability in multiple IBM products (CNVD-2018-13179)

IBM SAN Volume Controller SVC, built with IBM Spectrum Storage software, is a reliable system that helps improve the data value, security and ease of use of new and existing storage infrastructures.The IBM Storwize product family provides all-flash, hybrid storage solutions with common features a...

Information Disclosure Vulnerability in Multiple IBM Products (CNVD-2018-11111111)

IBM SAN Volume Controller SVC and others are storage systems from IBM in the U.S. IBM SVC is a virtualized storage system; Storwize is a disk storage system customized for small and medium-sized businesses; Spectrum Virtualize is a spectral storage system; FlashSystem is an all-flash storage...

Information Disclosure Vulnerability in Multiple IBM Products (CNVD-2018-11110)

IBM SAN Volume Controller SVC and others are storage systems from IBM in the U.S. IBM SVC is a virtualized storage system; Storwize is a disk storage system customized for small and medium-sized businesses; Spectrum Virtualize is a spectral storage system; FlashSystem is an all-flash storage...

CVE-2018-1462

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 could allow an authenticated user to access system files they should not have access to including deleting...

CVE-2018-1463

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 could allow an authenticated user to access system files they should not have access to some of which could...

CVE-2018-1465

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 could allow an authenticated user to obtain the private key which could make intercepting GUI communication...

CVE-2018-1464

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 could allow an authenticated user to obtain sensitive information that they should not have authorization t...

CVE-2018-1466

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive...

Cross site request forgery (csrf)

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

Code injection

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM...