17 matches found
CVE-2023-25681
IBM Spectrum Virtualize 8.5 (CVE-2023-25681) permits LDAP-authenticated users configured for MFA to access the CIM interface using only a username and password, bypassing MFA. The issue affects CIM authentication and does not apply to local MFA users or SSO-enabled remote users. Red Hat and CVE l...
CVE-2022-39167
CVE-2022-39167 affects IBM Spectrum Virtualize versions 7.8, 8.2–8.5. Under certain configurations, it could disclose sensitive information to an attacker via man-in-the-middle techniques. The NVD/NVDA-derived score is CVSS v3.1 base 5.9 (MEDIUM), with network access, high attack complexity, and ...
CVE-2021-38969
CVE-2021-38969 affects IBM Spectrum Virtualize 8.2, 8.3, and 8.4. The issue arises from reuse of support-generated credentials in the remote-support authentication mechanism, potentially allowing an attacker to obtain unauthorized access to the product’s management GUI. IBM Essen... (IBM Security...
CVE-2023-27870
IBM Spectrum Virtualize 8.5 is affected by an information-disclosure vulnerability where sensitive IBMid credentials could be exposed during Fix Central downloads (e.g., using satask downloadsoftware or the Obtain the package directly option). Root cause: insufficient protection of service data d...
CVE-2022-43873
CVE-2022-43873 affects IBM Spectrum Virtualize GUI (versions 8.2–8.5). An authenticated user can execute code and escalate privileges on the system due to a GUI vulnerability. IBM and Red Hat attest to a privilege-escalation impact with a CVSS-derived high/medium range and list concrete remediati...
CVE-2022-43870
IBM Spectrum Virtualize 8.3–8.5 contains a vulnerability where SNMPv3 server credentials can be disclosed to an authenticated user via log files. Root cause: credentials logged in plaintext in system/audit logs accessible to authenticated users. Impact: confidentiality of SNMPv3 credentials could...
CVE-2018-1465
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem family are affected by CVE-2018-1465. The vulnerability allows an authenticated user to obtain the private key and potentially intercept GUI communications. Affected products include SVC, Storwize V7000/V5000/V37...
CVE-2021-29873
CVE-2021-29873 affects IBM FlashSystem 900 and related IBM storage products (SVC/Storwize/Spectrum Virtualize family). A authenticated user could escape a restricted shell to obtain sensitive information and cause a denial of service. The IBM Security Bulletin lists the affected platforms (FlashS...
CVE-2018-1461
CVE-2018-1461 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (versions 6.1–8.1.x). The issue is cross-site scripting in the Web UI that lets an attacker embed JavaScript, potentially disclosing credentials within an authenticated session. Aff...
CVE-2018-1463
CVE-2018-1463 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (notably on 6.1–8.1 family ranges). The vulnerability allows an authenticated user to access system files they should not have access to, with some files potentially containing acco...
CVE-2020-4686
CVE-2020-4686 affects IBM Spectrum Virtualize (and related IBM Storage products) with a vulnerability in LDAP authentication that could let a remote, LDAP-authenticated user escalate privileges. Affected versions include IBM SAN Volume Controller and Storwize family on 8.3.1. The IBM Security Bul...
CVE-2018-1434
CVE-2018-1434 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (versions in 6.1–8.1 range). The vulnerability is a cross-site request forgery (CSRF) that could allow an attacker to perform malicious actions trusted by users’ web interfaces. Aff...
CVE-2018-1464
CVE-2018-1464 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. The connected IBM security bulletins identify that an authenticated user could obtain sensitive information to which they should not have access, with affected code lines spanning ...
CVE-2018-1462
CVE-2018-1462 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. The issue allows an authenticated user to read/write system files they should not access, including deleting files or causing a denial of service. Affected products/versions includ...
CVE-2018-1466
CVE-2018-1466 affects IBM SAN Volume Controller, Storwize, Spectrum Virtualize and FlashSystem family. The connected IBM security bulletins/entries confirm the vulnerability arises from weaker than expected cryptographic algorithms used by these products, exposing the possibility to decrypt highl...
CVE-2018-1438
CVE-2018-1438 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. The vulnerability arises in the web handler /DLSnap, permitting an unauthenticated attacker to read arbitrary files on the system. Affected code branches include IBM SVC/Storwize/S...
CVE-2018-1433
VULNERABILITY DETAIL (CVE-2018-1433): IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem family (versions 6.1–8.1.x) expose a web handler /DownloadFile that does not require authentication, enabling reading arbitrary files from the system. This is confirmed acros...