Spectrum Scale Security Vulnerabilities and Issues — Spectrum Scale CVE List

Lucene search

IbmSpectrum Scale

60 matches found

CVE•added 2019/05/13 4:29 p.m.•561 views

CVE-2019-4259

A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.

5.5CVSS5.3AI score0.00044EPSS

CVE•added 2020/04/03 1:15 p.m.•76 views

CVE-2020-4273

IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977.

7.8CVSS7.6AI score0.00041EPSS

CVE•added 2022/05/03 7:15 p.m.•72 views

CVE-2022-22368

IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.

7.5CVSS7.2AI score0.00112EPSS

CVE•added 2023/02/12 4:15 a.m.•70 views

CVE-2022-43869

IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539.

6.5CVSS6.2AI score0.00068EPSS

CVE•added 2022/12/19 8:15 p.m.•63 views

CVE-2022-40607

IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.

6.8CVSS6.4AI score0.00052EPSS

CVE•added 2023/03/15 7:15 p.m.•55 views

CVE-2020-4927

A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695.

8.2CVSS6.7AI score0.00057EPSS

CVE•added 2022/12/06 7:15 p.m.•55 views

CVE-2022-43867

IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.

7.8CVSS7.7AI score0.00082EPSS

CVE•added 2022/05/24 5:15 p.m.•51 views

CVE-2020-4926

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.

9.1CVSS8.8AI score0.00158EPSS

CVE•added 2021/05/25 5:15 p.m.•45 views

CVE-2021-29708

IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force ID: 200883.

6.7CVSS6.1AI score0.00048EPSS

CVE•added 2018/03/02 5:29 p.m.•44 views

CVE-2017-1654

IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.

4CVSS3.4AI score0.00054EPSS

CVE•added 2020/03/31 3:15 p.m.•44 views

CVE-2020-4241

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-For...

9CVSS8.6AI score0.0913EPSS

CVE•added 2020/08/31 1:15 p.m.•44 views

CVE-2020-4492

IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.

6.2CVSS5.1AI score0.00058EPSS

CVE•added 2018/06/13 2:29 p.m.•43 views

CVE-2018-1431

A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. I...

7.8CVSS8.1AI score0.0005EPSS

CVE•added 2020/10/20 3:15 p.m.•43 views

CVE-2020-4755

IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.

5.4CVSS5.4AI score0.00179EPSS

CVE•added 2021/11/16 5:15 p.m.•43 views

CVE-2021-38882

IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164.

4.4CVSS4.4AI score0.0005EPSS

CVE•added 2020/05/19 2:15 p.m.•42 views

CVE-2020-4411

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local atta...

7.1CVSS6.3AI score0.00043EPSS

CVE•added 2021/04/27 5:15 p.m.•42 views

CVE-2021-29667

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.

7.8CVSS7.8AI score0.00313EPSS

CVE•added 2015/10/26 2:59 a.m.•41 views

CVE-2015-4981

IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors.

2.1CVSS3.7AI score0.00055EPSS

CVE•added 2017/02/01 10:59 p.m.•41 views

CVE-2016-6115

IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.

9CVSS7.3AI score0.03137EPSS

CVE•added 2020/03/31 3:15 p.m.•41 views

CVE-2020-4242

9CVSS8.6AI score0.03831EPSS

CVE•added 2015/10/26 2:59 a.m.•40 views

CVE-2015-4974

IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.

7.2CVSS4.2AI score0.00104EPSS

CVE•added 2020/10/20 3:15 p.m.•40 views

CVE-2020-4748

6.1CVSS5.8AI score0.00216EPSS

CVE•added 2022/03/01 5:15 p.m.•40 views

CVE-2020-4925

A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599.

6.2CVSS5.4AI score0.00045EPSS

CVE•added 2023/12/14 1:15 a.m.•40 views

CVE-2022-43843

IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.

7.5CVSS6.3AI score0.0004EPSS

CVE•added 2016/01/02 9:59 p.m.•39 views

CVE-2015-7403

IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.

4CVSS4.1AI score0.00056EPSS

CVE•added 2019/10/09 4:15 p.m.•38 views

CVE-2019-4558

A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.

8.1CVSS7.3AI score0.00177EPSS

CVE•added 2020/03/09 3:15 p.m.•38 views

CVE-2020-4217

The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems m...

7.5CVSS7.2AI score0.00467EPSS

CVE•added 2021/06/01 2:15 p.m.•38 views

CVE-2021-29740

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entir...

8.4CVSS7.7AI score0.00073EPSS

CVE•added 2023/05/05 3:15 p.m.•38 views

CVE-2023-30434

IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.

6.2CVSS5.3AI score0.00017EPSS

CVE•added 2016/01/27 5:59 a.m.•37 views

CVE-2015-7488

IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.

5.9CVSS5.6AI score0.00081EPSS

CVE•added 2018/09/19 3:29 p.m.•37 views

CVE-2018-1782

IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805.

6.5CVSS6.1AI score0.00048EPSS

CVE•added 2020/10/20 3:15 p.m.•37 views

CVE-2020-4749

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link...

4.3CVSS4.8AI score0.00148EPSS

CVE•added 2020/05/27 2:15 p.m.•36 views

CVE-2020-4350

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424.

7.5CVSS7.2AI score0.00112EPSS

CVE•added 2020/05/27 2:15 p.m.•36 views

CVE-2020-4379

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158.

7.5CVSS7.2AI score0.00112EPSS

CVE•added 2016/06/29 1:59 a.m.•35 views

CVE-2016-0263

IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command.

7.2CVSS6.8AI score0.0004EPSS

CVE•added 2020/05/27 2:15 p.m.•35 views

CVE-2020-4348

IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414

6.5CVSS6.2AI score0.00102EPSS

CVE•added 2016/11/25 3:59 a.m.•34 views

CVE-2016-2985

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.

7CVSS6.7AI score0.00039EPSS

CVE•added 2019/01/08 5:0 p.m.•34 views

CVE-2018-1993

IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.

4CVSS3.7AI score0.00058EPSS

CVE•added 2020/05/27 2:15 p.m.•34 views

CVE-2020-4357

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761.

4.3CVSS4.1AI score0.00104EPSS

CVE•added 2020/05/19 2:15 p.m.•34 views

CVE-2020-4412

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster a...

5.3CVSS5.3AI score0.00316EPSS

CVE•added 2020/10/20 3:15 p.m.•34 views

CVE-2020-4756

IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Fo...

6.2CVSS5.1AI score0.00048EPSS

CVE•added 2021/04/27 5:15 p.m.•34 views

CVE-2020-4981

IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541.

6CVSS5.6AI score0.00035EPSS

CVE•added 2019/12/11 3:15 p.m.•33 views

CVE-2019-4665

IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.

5.4CVSS5.2AI score0.00186EPSS

CVE•added 2020/05/27 2:15 p.m.•33 views

CVE-2020-4349

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423.

7.5CVSS7.2AI score0.00112EPSS

CVE•added 2020/05/27 2:15 p.m.•33 views

CVE-2020-4378

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157.

4.9CVSS4.7AI score0.00136EPSS

CVE•added 2021/03/16 2:15 p.m.•33 views

CVE-2020-4851

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450.

5.5CVSS5.2AI score0.00046EPSS

CVE•added 2016/11/25 3:59 a.m.•32 views

CVE-2016-2984

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.

7CVSS6.7AI score0.00039EPSS

CVE•added 2018/10/05 1:29 p.m.•32 views

CVE-2018-1723

IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.

6.2CVSS5.3AI score0.00144EPSS

CVE•added 2019/12/11 3:15 p.m.•32 views

CVE-2019-4715

IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.

9CVSS8.6AI score0.06697EPSS

CVE•added 2021/03/16 2:15 p.m.•32 views

CVE-2020-4890

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973.

4.4CVSS4.8AI score0.00041EPSS

Total number of security vulnerabilities60