Spectrum Scale@5.0.0 Security Vulnerabilities and Issues — Spectrum Scale@5.0.0 CVE List

Lucene search

IbmSpectrum Scale5.0.0

19 matches found

CVE•added 2019/05/13 4:29 p.m.•561 views

CVE-2019-4259

A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.

5.5CVSS5.3AI score0.00044EPSS

CVE•added 2018/06/13 2:29 p.m.•43 views

CVE-2018-1431

A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. I...

7.8CVSS8.1AI score0.0005EPSS

CVE•added 2020/10/20 3:15 p.m.•43 views

CVE-2020-4755

IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.

5.4CVSS5.4AI score0.00179EPSS

CVE•added 2020/10/20 3:15 p.m.•40 views

CVE-2020-4748

6.1CVSS5.8AI score0.00216EPSS

CVE•added 2022/03/01 5:15 p.m.•40 views

CVE-2020-4925

A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599.

6.2CVSS5.4AI score0.00045EPSS

CVE•added 2021/06/01 2:15 p.m.•38 views

CVE-2021-29740

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entir...

8.4CVSS7.7AI score0.00073EPSS

CVE•added 2020/10/20 3:15 p.m.•37 views

CVE-2020-4749

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link...

4.3CVSS4.8AI score0.00148EPSS

CVE•added 2020/05/27 2:15 p.m.•36 views

CVE-2020-4350

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424.

7.5CVSS7.2AI score0.00112EPSS

CVE•added 2020/05/27 2:15 p.m.•36 views

CVE-2020-4379

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158.

7.5CVSS7.2AI score0.00112EPSS

CVE•added 2019/01/08 5:0 p.m.•34 views

CVE-2018-1993

IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.

4CVSS3.7AI score0.00058EPSS

CVE•added 2020/05/27 2:15 p.m.•34 views

CVE-2020-4357

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761.

4.3CVSS4.1AI score0.00104EPSS

CVE•added 2020/05/27 2:15 p.m.•33 views

CVE-2020-4349

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423.

7.5CVSS7.2AI score0.00112EPSS

CVE•added 2020/05/27 2:15 p.m.•33 views

CVE-2020-4378

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157.

4.9CVSS4.7AI score0.00136EPSS

CVE•added 2021/03/16 2:15 p.m.•33 views

CVE-2020-4851

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450.

5.5CVSS5.2AI score0.00046EPSS

CVE•added 2018/10/05 1:29 p.m.•32 views

CVE-2018-1723

IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.

6.2CVSS5.3AI score0.00141EPSS

CVE•added 2021/03/16 2:15 p.m.•32 views

CVE-2020-4890

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973.

4.4CVSS4.8AI score0.00041EPSS

CVE•added 2021/03/16 2:15 p.m.•32 views

CVE-2020-4891

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974.

6.2CVSS5.2AI score0.00038EPSS

CVE•added 2020/05/27 2:15 p.m.•31 views

CVE-2020-4358

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762.

5.4CVSS5.2AI score0.00236EPSS

CVE•added 2021/01/26 3:15 p.m.•30 views

CVE-2020-4889

IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.

4CVSS3.8AI score0.00038EPSS