Lucene search
K
IbmSpectrum Virtualize

17 matches found

CVE
CVE
added 2024/03/05 7:42 p.m.101 views

CVE-2023-25681

IBM Spectrum Virtualize 8.5 (CVE-2023-25681) permits LDAP-authenticated users configured for MFA to access the CIM interface using only a username and password, bypassing MFA. The issue affects CIM authentication and does not apply to local MFA users or SSO-enabled remote users. Red Hat and CVE l...

6.5CVSS5.3AI score0.00559EPSS
CVE
CVE
added 2023/01/19 4:44 p.m.91 views

CVE-2022-39167

CVE-2022-39167 affects IBM Spectrum Virtualize versions 7.8, 8.2–8.5. Under certain configurations, it could disclose sensitive information to an attacker via man-in-the-middle techniques. The NVD/NVDA-derived score is CVSS v3.1 base 5.9 (MEDIUM), with network access, high attack complexity, and ...

5.9CVSS5.3AI score0.00554EPSS
CVE
CVE
added 2022/05/11 4:10 p.m.87 views

CVE-2021-38969

CVE-2021-38969 affects IBM Spectrum Virtualize 8.2, 8.3, and 8.4. The issue arises from reuse of support-generated credentials in the remote-support authentication mechanism, potentially allowing an attacker to obtain unauthorized access to the product’s management GUI. IBM Essen... (IBM Security...

9.8CVSS8.7AI score0.00678EPSS
CVE
CVE
added 2023/05/11 7:36 p.m.75 views

CVE-2023-27870

IBM Spectrum Virtualize 8.5 is affected by an information-disclosure vulnerability where sensitive IBMid credentials could be exposed during Fix Central downloads (e.g., using satask downloadsoftware or the Obtain the package directly option). Root cause: insufficient protection of service data d...

7.5CVSS6.2AI score0.00651EPSS
CVE
CVE
added 2023/02/22 5:32 p.m.74 views

CVE-2022-43873

CVE-2022-43873 affects IBM Spectrum Virtualize GUI (versions 8.2–8.5). An authenticated user can execute code and escalate privileges on the system due to a GUI vulnerability. IBM and Red Hat attest to a privilege-escalation impact with a CVSS-derived high/medium range and list concrete remediati...

8.8CVSS7.5AI score0.00614EPSS
CVE
CVE
added 2023/02/22 5:26 p.m.73 views

CVE-2022-43870

IBM Spectrum Virtualize 8.3–8.5 contains a vulnerability where SNMPv3 server credentials can be disclosed to an authenticated user via log files. Root cause: credentials logged in plaintext in system/audit logs accessible to authenticated users. Impact: confidentiality of SNMPv3 credentials could...

6.5CVSS6.2AI score0.00632EPSS
CVE
CVE
added 2018/05/17 9:0 p.m.71 views

CVE-2018-1465

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem family are affected by CVE-2018-1465. The vulnerability allows an authenticated user to obtain the private key and potentially intercept GUI communications. Affected products include SVC, Storwize V7000/V5000/V37...

5.3CVSS6.2AI score0.01363EPSS
CVE
CVE
added 2021/10/21 4:40 p.m.69 views

CVE-2021-29873

CVE-2021-29873 affects IBM FlashSystem 900 and related IBM storage products (SVC/Storwize/Spectrum Virtualize family). A authenticated user could escape a restricted shell to obtain sensitive information and cause a denial of service. The IBM Security Bulletin lists the affected platforms (FlashS...

8.8CVSS7.6AI score0.01477EPSS
CVE
CVE
added 2018/05/17 9:0 p.m.66 views

CVE-2018-1461

CVE-2018-1461 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (versions 6.1–8.1.x). The issue is cross-site scripting in the Web UI that lets an attacker embed JavaScript, potentially disclosing credentials within an authenticated session. Aff...

5.4CVSS6AI score0.00983EPSS
CVE
CVE
added 2018/05/17 9:0 p.m.66 views

CVE-2018-1463

CVE-2018-1463 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (notably on 6.1–8.1 family ranges). The vulnerability allows an authenticated user to access system files they should not have access to, with some files potentially containing acco...

6.5CVSS7AI score0.01441EPSS
CVE
CVE
added 2020/08/17 12:35 p.m.66 views

CVE-2020-4686

CVE-2020-4686 affects IBM Spectrum Virtualize (and related IBM Storage products) with a vulnerability in LDAP authentication that could let a remote, LDAP-authenticated user escalate privileges. Affected versions include IBM SAN Volume Controller and Storwize family on 8.3.1. The IBM Security Bul...

8.1CVSS7.8AI score0.01578EPSS
CVE
CVE
added 2018/05/17 9:0 p.m.65 views

CVE-2018-1434

CVE-2018-1434 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (versions in 6.1–8.1 range). The vulnerability is a cross-site request forgery (CSRF) that could allow an attacker to perform malicious actions trusted by users’ web interfaces. Aff...

8.8CVSS8.3AI score0.00941EPSS
CVE
CVE
added 2018/05/17 9:0 p.m.64 views

CVE-2018-1464

CVE-2018-1464 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. The connected IBM security bulletins identify that an authenticated user could obtain sensitive information to which they should not have access, with affected code lines spanning ...

6.5CVSS6.8AI score0.01673EPSS
CVE
CVE
added 2018/05/17 9:0 p.m.63 views

CVE-2018-1462

CVE-2018-1462 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. The issue allows an authenticated user to read/write system files they should not access, including deleting files or causing a denial of service. Affected products/versions includ...

7.6CVSS7.6AI score0.01244EPSS
CVE
CVE
added 2018/05/17 9:0 p.m.61 views

CVE-2018-1466

CVE-2018-1466 affects IBM SAN Volume Controller, Storwize, Spectrum Virtualize and FlashSystem family. The connected IBM security bulletins/entries confirm the vulnerability arises from weaker than expected cryptographic algorithms used by these products, exposing the possibility to decrypt highl...

5.3CVSS6.3AI score0.00842EPSS
CVE
CVE
added 2018/05/17 9:0 p.m.60 views

CVE-2018-1438

CVE-2018-1438 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. The vulnerability arises in the web handler /DLSnap, permitting an unauthenticated attacker to read arbitrary files on the system. Affected code branches include IBM SVC/Storwize/S...

7.5CVSS7.7AI score0.0232EPSS
CVE
CVE
added 2018/05/17 9:0 p.m.57 views

CVE-2018-1433

VULNERABILITY DETAIL (CVE-2018-1433): IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem family (versions 6.1–8.1.x) expose a web handler /DownloadFile that does not require authentication, enabling reading arbitrary files from the system. This is confirmed acros...

7.5CVSS7.4AI score0.02658EPSS