6 matches found
CVE-2023-38002
CVE-2023-38002 — IBM Storage Scale : Affected versions are 5.1.0.0 through 5.1.9.2. An authenticated user could steal or manipulate an active session to gain access to the system. Root cause is described as session-related vulnerability affecting GUI/authenticated sessions (no details on underlyi...
CVE-2024-31891
IBM Storage Scale GUI 5.1.9.0–5.1.9.6 and 5.2.0.0–5.2.1.1 contain a local privilege escalation vulnerability. A user with command line access to the scalemgmt account can elevate privileges to root on the host OS. Affected versions include 5.1.9.x and 5.2.x prior to fixes. Remediation: upgrade to...
CVE-2025-1137
IBM Storage Scale 5.2.2.0 and 5.2.2.1 are affected by a vulnerability that could let an authenticated user execute privileged commands due to improper input neutralization. The connected IBM Security Bulletin confirms the issue and states remediation by upgrading to IBM Storage Scale 5.2.3.0 or l...
CVE-2024-31892
The CVE-2024-31892 issue affects IBM Storage Scale GUI versions 5.1.9.0–5.1.9.6 and 5.2.0.0–5.2.1.1. Description: a CSV file manipulation path can allow unauthorized actions due to improper neutralization of formula elements, i.e., SQL injection in the GUI. Impact stated in the sources is high (C...
CVE-2025-36104
CVE-2025-36104 affects IBM Storage Scale versions 5.2.3.0 and 5.2.3.1. Authenticated users can obtain sensitive information from files due to insecure inherited permissions via SMB ACLs. Root cause: insecure inherited permissions on files/directories created or modified through SMB. Impact: infor...
CVE-2025-14604
CVE-2025-14604 affects IBM Storage Scale. It describes that when a directory has a specific ACL composition, a local user could unintentionally trigger additional permissions for resources, allowing execution by unintended actors. Affected products and versions: IBM Storage Scale 5.2.3.0–5.2.3.5 ...