Spectrum Scale Security Vulnerabilities and Issues — Spectrum Scale CVE List

Lucene search

IbmSpectrum Scale

10 matches found

CVE•added 2018/03/02 5:29 p.m.•44 views

CVE-2017-1654

IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.

4CVSS3.4AI score0.00054EPSS

CVE•added 2021/11/16 5:15 p.m.•43 views

CVE-2021-38882

IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164.

4.4CVSS4.4AI score0.0005EPSS

CVE•added 2016/01/02 9:59 p.m.•39 views

CVE-2015-7403

IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.

4CVSS4.1AI score0.00056EPSS

CVE•added 2020/10/20 3:15 p.m.•37 views

CVE-2020-4749

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link...

4.3CVSS4.8AI score0.00148EPSS

CVE•added 2019/01/08 5:0 p.m.•34 views

CVE-2018-1993

IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.

4CVSS3.7AI score0.00058EPSS

CVE•added 2020/05/27 2:15 p.m.•34 views

CVE-2020-4357

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761.

4.3CVSS4.1AI score0.00104EPSS

CVE•added 2020/05/27 2:15 p.m.•33 views

CVE-2020-4378

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157.

4.9CVSS4.7AI score0.00136EPSS

CVE•added 2021/03/16 2:15 p.m.•32 views

CVE-2020-4890

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973.

4.4CVSS4.8AI score0.00041EPSS

CVE•added 2021/04/09 5:15 p.m.•32 views

CVE-2021-29671

IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.

4CVSS3.8AI score0.00038EPSS

CVE•added 2021/01/26 3:15 p.m.•30 views

CVE-2020-4889

IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.

4CVSS3.8AI score0.00038EPSS