Vulnerabilites related to ibm - spectrum_scale
cve-2020-4889
Vulnerability from cvelistv5
Published
2021-01-26 14:25
Modified
2024-09-17 02:20
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6405776 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/190971 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.5.4 Version: 5.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:58.413Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6405776", }, { name: "ibm-spectrum-cve20204889-log-poisoning (190971)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190971", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.5.4", }, { status: "affected", version: "5.1", }, ], }, ], datePublic: "2021-01-25T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.5, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/PR:N/UI:N/AV:L/I:L/AC:L/C:N/A:N/S:U/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "File Manipulation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-26T14:25:16", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6405776", }, { name: "ibm-spectrum-cve20204889-log-poisoning (190971)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190971", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-01-25T00:00:00", ID: "CVE-2020-4889", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.5.4", }, { version_value: "5.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "N", I: "L", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "File Manipulation", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6405776", refsource: "CONFIRM", title: "IBM Security Bulletin 6405776 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6405776", }, { name: "ibm-spectrum-cve20204889-log-poisoning (190971)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190971", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4889", datePublished: "2021-01-26T14:25:16.856598Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T02:20:39.274Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4925
Vulnerability from cvelistv5
Published
2022-03-01 16:45
Modified
2024-09-16 17:14
Severity ?
EPSS score ?
Summary
A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6560094 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/191599 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0 Version: 5.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:59.092Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6560094", }, { name: "ibm-spectrum-cve20204925-dos (191599)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191599", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0", }, { status: "affected", version: "5.1", }, ], }, ], datePublic: "2022-02-28T00:00:00", descriptions: [ { lang: "en", value: "A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.9, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:N/C:N/PR:N/AC:L/S:U/A:H/AV:L/UI:N/RC:C/RL:O/E:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-01T16:45:22", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6560094", }, { name: "ibm-spectrum-cve20204925-dos (191599)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191599", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2022-02-28T00:00:00", ID: "CVE-2020-4925", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0", }, { version_value: "5.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6560094", refsource: "CONFIRM", title: "IBM Security Bulletin 6560094 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6560094", }, { name: "ibm-spectrum-cve20204925-dos (191599)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191599", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4925", datePublished: "2022-03-01T16:45:22.527592Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T17:14:46.556Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7403
Vulnerability from cvelistv5
Published
2016-01-02 21:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005452 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1035094 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/79805 | vdb-entry, x_refsource_BID | |
http://www-01.ibm.com/support/docview.wss?uid=swg21972152 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:27.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005452", }, { name: "1035094", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035094", }, { name: "79805", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/79805", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-12-04T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005452", }, { name: "1035094", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035094", }, { name: "79805", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/79805", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-7403", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005452", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005452", }, { name: "1035094", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035094", }, { name: "79805", refsource: "BID", url: "http://www.securityfocus.com/bid/79805", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-7403", datePublished: "2016-01-02T21:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:27.302Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29740
Vulnerability from cvelistv5
Published
2021-06-01 14:05
Modified
2024-09-16 20:11
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6457629 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/201474 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.1.0 Version: 5.0.5.6 Version: 5.1.0.3 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:18:02.082Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6457629", }, { name: "ibm-spectrum-cve202129740-priv-escalation (201474)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/201474", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.1.0", }, { status: "affected", version: "5.0.5.6", }, { status: "affected", version: "5.1.0.3", }, ], }, ], datePublic: "2021-05-31T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 7.3, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/I:H/S:U/AC:L/A:H/PR:N/C:H/AV:L/UI:N/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-01T14:05:10", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6457629", }, { name: "ibm-spectrum-cve202129740-priv-escalation (201474)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/201474", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-05-31T00:00:00", ID: "CVE-2021-29740", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.1.0", }, { version_value: "5.0.5.6", }, { version_value: "5.1.0.3", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "H", I: "H", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6457629", refsource: "CONFIRM", title: "IBM Security Bulletin 6457629 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6457629", }, { name: "ibm-spectrum-cve202129740-priv-escalation (201474)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/201474", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-29740", datePublished: "2021-06-01T14:05:10.819504Z", dateReserved: "2021-03-31T00:00:00", dateUpdated: "2024-09-16T20:11:22.875Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4926
Vulnerability from cvelistv5
Published
2022-05-24 16:20
Modified
2024-09-16 16:17
Severity ?
EPSS score ?
Summary
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6589109 | x_refsource_CONFIRM | |
https://www.ibm.com/support/pages/node/6565399 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/191600 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.1 |
||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:59.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6589109", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6565399", }, { name: "ibm-spectrum-cve20204926-info-disc (191600)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191600", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.1", }, ], }, { product: "Elastic Storage System", vendor: "IBM", versions: [ { status: "affected", version: "6.1", }, ], }, ], datePublic: "2022-05-23T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/PR:N/I:L/AC:H/S:U/C:H/A:N/UI:N/AV:L/E:U/RL:O/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-24T16:20:16", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6589109", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6565399", }, { name: "ibm-spectrum-cve20204926-info-disc (191600)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191600", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2022-05-23T00:00:00", ID: "CVE-2020-4926", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.1", }, ], }, }, { product_name: "Elastic Storage System", version: { version_data: [ { version_value: "6.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "L", C: "H", I: "L", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6589109", refsource: "CONFIRM", title: "IBM Security Bulletin 6589109 (Elastic Storage System)", url: "https://www.ibm.com/support/pages/node/6589109", }, { name: "https://www.ibm.com/support/pages/node/6565399", refsource: "CONFIRM", title: "IBM Security Bulletin 6565399 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6565399", }, { name: "ibm-spectrum-cve20204926-info-disc (191600)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191600", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4926", datePublished: "2022-05-24T16:20:16.554701Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T16:17:59.228Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7488
Vulnerability from cvelistv5
Published
2016-01-27 02:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005580 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:27.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005580", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-19T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-01-27T04:57:02", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005580", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-7488", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005580", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005580", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-7488", datePublished: "2016-01-27T02:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:27.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4665
Vulnerability from cvelistv5
Published
2019-12-11 14:25
Modified
2024-09-16 23:01
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1118937 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/171247 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0 Version: 4.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:48.611Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1118937", }, { name: "ibm-spectrum-cve20194665-xss (171247)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/171247", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0", }, { status: "affected", version: "4.2", }, ], }, ], datePublic: "2019-12-10T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/A:N/UI:R/PR:L/C:L/S:C/AC:L/I:L/AV:N/E:H/RL:O/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-11T14:25:17", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1118937", }, { name: "ibm-spectrum-cve20194665-xss (171247)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/171247", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-12-10T00:00:00", ID: "CVE-2019-4665", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0", }, { version_value: "4.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "L", S: "C", UI: "R", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1118937", refsource: "CONFIRM", title: "IBM Security Bulletin 1118937 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/1118937", }, { name: "ibm-spectrum-cve20194665-xss (171247)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/171247", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4665", datePublished: "2019-12-11T14:25:17.749318Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T23:01:26.682Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-4981
Vulnerability from cvelistv5
Published
2015-10-26 01:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/77027 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1035094 | vdb-entry, x_refsource_SECTRACK | |
http://www-01.ibm.com/support/docview.wss?uid=swg21972152 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:32:31.539Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", }, { name: "77027", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/77027", }, { name: "1035094", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035094", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-17T00:00:00", descriptions: [ { lang: "en", value: "IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-02T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", }, { name: "77027", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/77027", }, { name: "1035094", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035094", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-4981", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", }, { name: "77027", refsource: "BID", url: "http://www.securityfocus.com/bid/77027", }, { name: "1035094", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035094", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-4981", datePublished: "2015-10-26T01:00:00", dateReserved: "2015-06-24T00:00:00", dateUpdated: "2024-08-06T06:32:31.539Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-4974
Vulnerability from cvelistv5
Published
2015-10-26 01:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1035094 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/77025 | vdb-entry, x_refsource_BID | |
http://www-01.ibm.com/support/docview.wss?uid=swg21972152 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:32:31.880Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", }, { name: "1035094", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035094", }, { name: "77025", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/77025", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-17T00:00:00", descriptions: [ { lang: "en", value: "IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-02T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", }, { name: "1035094", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035094", }, { name: "77025", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/77025", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-4974", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", }, { name: "1035094", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035094", }, { name: "77025", refsource: "BID", url: "http://www.securityfocus.com/bid/77025", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-4974", datePublished: "2015-10-26T01:00:00", dateReserved: "2015-06-24T00:00:00", dateUpdated: "2024-08-06T06:32:31.880Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38882
Vulnerability from cvelistv5
Published
2021-11-16 16:55
Modified
2024-09-16 23:15
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6516426 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/209164 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.1.0 Version: 5.1.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:51:20.856Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6516426", }, { name: "ibm-specturm-cve202138882-file-manipulation (209164)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209164", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.1.0", }, { status: "affected", version: "5.1.1.1", }, ], }, ], datePublic: "2021-11-15T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "HIGH", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.9, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/C:N/AV:L/S:U/A:N/AC:L/I:H/PR:H/UI:N/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "File Manipulation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-16T16:55:16", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6516426", }, { name: "ibm-specturm-cve202138882-file-manipulation (209164)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209164", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-11-15T00:00:00", ID: "CVE-2021-38882", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.1.0", }, { version_value: "5.1.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "N", I: "H", PR: "H", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "File Manipulation", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6516426", refsource: "CONFIRM", title: "IBM Security Bulletin 6516426 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6516426", }, { name: "ibm-specturm-cve202138882-file-manipulation (209164)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209164", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-38882", datePublished: "2021-11-16T16:55:16.824272Z", dateReserved: "2021-08-16T00:00:00", dateUpdated: "2024-09-16T23:15:52.567Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29708
Vulnerability from cvelistv5
Published
2021-05-25 16:00
Modified
2024-09-16 18:08
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force ID: 200883.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6455629 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/200883 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.1.0.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:18:02.461Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6455629", }, { name: "ibm-spectrum-cve202129708-info-disc (200883)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/200883", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.1.0.1", }, ], }, ], datePublic: "2021-05-24T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force ID: 200883.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "HIGH", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.8, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/UI:N/S:U/AV:L/A:H/C:H/I:H/PR:H/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-25T16:00:17", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6455629", }, { name: "ibm-spectrum-cve202129708-info-disc (200883)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/200883", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-05-24T00:00:00", ID: "CVE-2021-29708", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.1.0.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force ID: 200883.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "H", I: "H", PR: "H", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6455629", refsource: "CONFIRM", title: "IBM Security Bulletin 6455629 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6455629", }, { name: "ibm-spectrum-cve202129708-info-disc (200883)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/200883", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-29708", datePublished: "2021-05-25T16:00:17.916256Z", dateReserved: "2021-03-31T00:00:00", dateUpdated: "2024-09-16T18:08:42.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4981
Vulnerability from cvelistv5
Published
2021-04-27 16:32
Modified
2024-09-16 22:35
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6447077 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/192541 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.4.1 Version: 5.1.0.3 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:22:07.579Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6447077", }, { name: "ibm-spectrum-cve20204981-file-write (192541)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/192541", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.4.1", }, { status: "affected", version: "5.1.0.3", }, ], }, ], datePublic: "2021-04-26T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "HIGH", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.9, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/S:U/AC:L/I:H/AV:L/PR:H/A:N/C:N/UI:N/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "File Manipulation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-27T16:32:49", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6447077", }, { name: "ibm-spectrum-cve20204981-file-write (192541)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/192541", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-04-26T00:00:00", ID: "CVE-2020-4981", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.4.1", }, { version_value: "5.1.0.3", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "N", I: "H", PR: "H", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "File Manipulation", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6447077", refsource: "CONFIRM", title: "IBM Security Bulletin 6447077 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6447077", }, { name: "ibm-spectrum-cve20204981-file-write (192541)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/192541", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4981", datePublished: "2021-04-27T16:32:49.829154Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T22:35:01.573Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1723
Vulnerability from cvelistv5
Published
2018-10-05 13:00
Modified
2024-09-16 21:02
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/147373 | vdb-entry, x_refsource_XF | |
https://www.ibm.com/support/docview.wss?uid=ibm10732713 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105975 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.1.2 Version: 4.2.0.0 Version: 4.2.3.10 Version: 4.1.1.0 Version: 4.1.1.20 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:07:44.297Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-spectrum-cve20181723-info-disc(147373)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/147373", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10732713", }, { name: "105975", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105975", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.1.2", }, { status: "affected", version: "4.2.0.0", }, { status: "affected", version: "4.2.3.10", }, { status: "affected", version: "4.1.1.0", }, { status: "affected", version: "4.1.1.20", }, ], }, ], datePublic: "2018-10-04T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:L/AV:L/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-18T09:06:07", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-spectrum-cve20181723-info-disc(147373)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/147373", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10732713", }, { name: "105975", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105975", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-10-04T00:00:00", ID: "CVE-2018-1723", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.1.2", }, { version_value: "4.2.0.0", }, { version_value: "4.2.3.10", }, { version_value: "4.1.1.0", }, { version_value: "4.1.1.20", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-spectrum-cve20181723-info-disc(147373)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/147373", }, { name: "https://www.ibm.com/support/docview.wss?uid=ibm10732713", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10732713", }, { name: "105975", refsource: "BID", url: "http://www.securityfocus.com/bid/105975", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1723", datePublished: "2018-10-05T13:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T21:02:50.529Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4748
Vulnerability from cvelistv5
Published
2020-10-20 14:15
Modified
2024-09-16 19:50
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6349449 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/188517 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.5.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:58.515Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6349449", }, { name: "ibm-spectrum-cve20204748-xss (188517)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188517", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.5.2", }, ], }, ], datePublic: "2020-10-19T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.8, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/UI:R/PR:N/I:L/S:C/AC:L/AV:N/A:N/C:L/E:H/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T14:15:33", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6349449", }, { name: "ibm-spectrum-cve20204748-xss (188517)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188517", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-10-19T00:00:00", ID: "CVE-2020-4748", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.5.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "N", S: "C", UI: "R", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6349449", refsource: "CONFIRM", title: "IBM Security Bulletin 6349449 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6349449", }, { name: "ibm-spectrum-cve20204748-xss (188517)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188517", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4748", datePublished: "2020-10-20T14:15:33.244359Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T19:50:55.034Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7456
Vulnerability from cvelistv5
Published
2016-01-01 11:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1IV79381 | vendor-advisory, x_refsource_AIXAPAR | |
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005476 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:27.539Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IV79381", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV79381", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005476", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-12-17T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-01-01T05:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "IV79381", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV79381", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005476", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-7456", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IV79381", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV79381", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005476", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005476", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-7456", datePublished: "2016-01-01T11:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:27.539Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4756
Vulnerability from cvelistv5
Published
2020-10-20 14:15
Modified
2024-09-16 23:21
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6349469 | x_refsource_CONFIRM | |
https://www.ibm.com/support/pages/node/6349475 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/188599 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | IBM | Elastic Storage Server |
Version: 6.0.0 Version: 6.0.1.0 |
||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:58.537Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6349469", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6349475", }, { name: "ibm-spectrum-cve20204756-dos (188599)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188599", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Elastic Storage Server", vendor: "IBM", versions: [ { status: "affected", version: "6.0.0", }, { status: "affected", version: "6.0.1.0", }, ], }, { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "4.2.0.0", }, { status: "affected", version: "5.0.0.0", }, { status: "affected", version: "4.2.3.23", }, { status: "affected", version: "5.0.5.2", }, ], }, ], datePublic: "2020-10-19T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/C:N/PR:N/UI:N/S:U/I:N/AC:L/AV:L/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T14:15:34", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6349469", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6349475", }, { name: "ibm-spectrum-cve20204756-dos (188599)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188599", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-10-19T00:00:00", ID: "CVE-2020-4756", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Elastic Storage Server", version: { version_data: [ { version_value: "6.0.0", }, { version_value: "6.0.1.0", }, ], }, }, { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "4.2.0.0", }, { version_value: "5.0.0.0", }, { version_value: "4.2.3.23", }, { version_value: "5.0.5.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6349469", refsource: "CONFIRM", title: "IBM Security Bulletin 6349469 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6349469", }, { name: "https://www.ibm.com/support/pages/node/6349475", refsource: "CONFIRM", title: "IBM Security Bulletin 6349475 (Elastic Storage Server)", url: "https://www.ibm.com/support/pages/node/6349475", }, { name: "ibm-spectrum-cve20204756-dos (188599)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188599", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4756", datePublished: "2020-10-20T14:15:34.611179Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T23:21:52.772Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43843
Vulnerability from cvelistv5
Published
2023-12-14 00:41
Modified
2024-08-03 13:40
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.
References
▼ | URL | Tags |
---|---|---|
https://https://www.ibm.com/support/pages/node/7094941 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/239080 | vdb-entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.1.5.0 ≤ 5.1.5.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.572Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://https://www.ibm.com/support/pages/node/7094941", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239080", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Spectrum Scale", vendor: "IBM", versions: [ { lessThanOrEqual: "5.1.5.1", status: "affected", version: "5.1.5.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.", }, ], value: "IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-14T00:41:07.920Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://https://www.ibm.com/support/pages/node/7094941", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239080", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Spectrum Scale information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-43843", datePublished: "2023-12-14T00:41:07.920Z", dateReserved: "2022-10-26T15:46:22.820Z", dateUpdated: "2024-08-03T13:40:06.572Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4755
Vulnerability from cvelistv5
Published
2020-10-20 14:15
Modified
2024-09-17 02:52
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6349449 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/188595 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.5.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:57.832Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6349449", }, { name: "ibm-spectrum-cve20204755-xss (188595)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188595", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.5.2", }, ], }, ], datePublic: "2020-10-19T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/A:N/C:L/S:C/I:L/PR:L/UI:R/AV:N/AC:L/RC:C/RL:O/E:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T14:15:34", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6349449", }, { name: "ibm-spectrum-cve20204755-xss (188595)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188595", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-10-19T00:00:00", ID: "CVE-2020-4755", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.5.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "L", S: "C", UI: "R", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6349449", refsource: "CONFIRM", title: "IBM Security Bulletin 6349449 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6349449", }, { name: "ibm-spectrum-cve20204755-xss (188595)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188595", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4755", datePublished: "2020-10-20T14:15:34.173968Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T02:52:54.469Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4890
Vulnerability from cvelistv5
Published
2021-03-16 13:55
Modified
2024-09-16 20:31
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6430147 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/190973 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.5.5 Version: 5.1.0 Version: 5.1.0.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:59.199Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6430147", }, { name: "ibm-spectrum-cve20204890-dos (190973)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190973", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.5.5", }, { status: "affected", version: "5.1.0", }, { status: "affected", version: "5.1.0.2", }, ], }, ], datePublic: "2021-03-15T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "HIGH", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.9, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AV:L/I:N/UI:N/C:N/PR:H/AC:L/S:U/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-16T13:55:16", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6430147", }, { name: "ibm-spectrum-cve20204890-dos (190973)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190973", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-03-15T00:00:00", ID: "CVE-2020-4890", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.5.5", }, { version_value: "5.1.0", }, { version_value: "5.1.0.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "N", I: "N", PR: "H", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6430147", refsource: "CONFIRM", title: "IBM Security Bulletin 6430147 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6430147", }, { name: "ibm-spectrum-cve20204890-dos (190973)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190973", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4890", datePublished: "2021-03-16T13:55:16.333256Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T20:31:25.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4273
Vulnerability from cvelistv5
Published
2020-04-03 12:35
Modified
2024-09-16 18:44
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6151701 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/175977 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0 Version: 4.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:06.950Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6151701", }, { name: "ibm-spectrum-cve20204273-priv-escalation (175977)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175977", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0", }, { status: "affected", version: "4.2", }, ], }, ], datePublic: "2020-04-02T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:H/S:U/AV:L/C:H/I:H/UI:N/PR:N/A:H/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-03T12:35:12", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6151701", }, { name: "ibm-spectrum-cve20204273-priv-escalation (175977)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175977", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-04-02T00:00:00", ID: "CVE-2020-4273", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0", }, { version_value: "4.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "L", C: "H", I: "H", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6151701", refsource: "CONFIRM", title: "IBM Security Bulletin 6151701 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6151701", }, { name: "ibm-spectrum-cve20204273-priv-escalation (175977)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175977", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4273", datePublished: "2020-04-03T12:35:12.184193Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T18:44:16.548Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29671
Vulnerability from cvelistv5
Published
2021-04-09 16:45
Modified
2024-09-16 20:37
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6441429 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/199478 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.1.0.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:11:06.380Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6441429", }, { name: "ibm-spectrum-cve202129671-sec-bypass (199478)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199478", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.1.0.1", }, ], }, ], datePublic: "2021-04-08T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.5, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/S:U/UI:N/I:L/C:N/AC:L/PR:N/A:N/AV:L/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Bypass Security", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-09T16:45:18", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6441429", }, { name: "ibm-spectrum-cve202129671-sec-bypass (199478)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199478", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-04-08T00:00:00", ID: "CVE-2021-29671", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.1.0.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "N", I: "L", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Bypass Security", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6441429", refsource: "CONFIRM", title: "IBM Security Bulletin 6441429 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6441429", }, { name: "ibm-spectrum-cve202129671-sec-bypass (199478)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199478", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-29671", datePublished: "2021-04-09T16:45:18.550924Z", dateReserved: "2021-03-31T00:00:00", dateUpdated: "2024-09-16T20:37:52.214Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1783
Vulnerability from cvelistv5
Published
2018-10-05 13:00
Modified
2024-08-05 04:07
Severity ?
EPSS score ?
Summary
IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10732717 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/148806 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:07:44.366Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10732717", }, { name: "ibm-spectrum-cve20181783-dos(148806)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148806", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-10-04T00:00:00", descriptions: [ { lang: "en", value: "IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-05T12:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10732717", }, { name: "ibm-spectrum-cve20181783-dos(148806)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148806", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2018-1783", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10732717", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10732717", }, { name: "ibm-spectrum-cve20181783-dos(148806)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148806", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1783", datePublished: "2018-10-05T13:00:00", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-08-05T04:07:44.366Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4558
Vulnerability from cvelistv5
Published
2019-10-09 15:00
Modified
2024-09-16 18:18
Severity ?
EPSS score ?
Summary
A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1073732 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/166282 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 4.2.0.0 Version: 5.0.0.0 Version: 4.2.3.17 Version: 5.0.3.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:47.680Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1073732", }, { name: "ibm-spectrum-cve20194558-priv-escalation (166282)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166282", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "4.2.0.0", }, { status: "affected", version: "5.0.0.0", }, { status: "affected", version: "4.2.3.17", }, { status: "affected", version: "5.0.3.2", }, ], }, ], datePublic: "2019-10-07T00:00:00", descriptions: [ { lang: "en", value: "A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 7.1, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/PR:N/AC:H/A:H/I:H/S:U/C:H/UI:N/AV:N/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-09T15:00:24", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1073732", }, { name: "ibm-spectrum-cve20194558-priv-escalation (166282)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166282", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-10-07T00:00:00", ID: "CVE-2019-4558", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "4.2.0.0", }, { version_value: "5.0.0.0", }, { version_value: "4.2.3.17", }, { version_value: "5.0.3.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "H", I: "H", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1073732", refsource: "CONFIRM", title: "IBM Security Bulletin 1073732 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/1073732", }, { name: "ibm-spectrum-cve20194558-priv-escalation (166282)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166282", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4558", datePublished: "2019-10-09T15:00:24.669635Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T18:18:55.860Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4891
Vulnerability from cvelistv5
Published
2021-03-16 13:55
Modified
2024-09-17 00:16
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6430147 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/190974 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.5.5 Version: 5.1.0 Version: 5.1.0.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:59.093Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6430147", }, { name: "ibm-spectrum-cve20204891-info-disc (190974)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190974", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.5.5", }, { status: "affected", version: "5.1.0", }, { status: "affected", version: "5.1.0.2", }, ], }, ], datePublic: "2021-03-15T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/UI:N/AV:L/I:N/C:H/A:N/S:U/PR:N/AC:L/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-16T13:55:16", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6430147", }, { name: "ibm-spectrum-cve20204891-info-disc (190974)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190974", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-03-15T00:00:00", ID: "CVE-2020-4891", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.5.5", }, { version_value: "5.1.0", }, { version_value: "5.1.0.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6430147", refsource: "CONFIRM", title: "IBM Security Bulletin 6430147 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6430147", }, { name: "ibm-spectrum-cve20204891-info-disc (190974)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190974", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4891", datePublished: "2021-03-16T13:55:16.975172Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T00:16:08.376Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1431
Vulnerability from cvelistv5
Published
2018-06-13 14:00
Modified
2024-09-17 00:26
Severity ?
EPSS score ?
Summary
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/139240 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/105546 | vdb-entry, x_refsource_BID | |
http://www.ibm.com/support/docview.wss?uid=ssg1S1012049 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 4.1.1 Version: 4.2.0 Version: 4.2.1 Version: 4.2.2 Version: 4.2.3 Version: 5.0.0 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:39.022Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-spectrum-cve20181431-priv-escalation(139240)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139240", }, { name: "105546", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105546", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012049", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "4.1.1", }, { status: "affected", version: "4.2.0", }, { status: "affected", version: "4.2.1", }, { status: "affected", version: "4.2.2", }, { status: "affected", version: "4.2.3", }, { status: "affected", version: "5.0.0", }, ], }, ], datePublic: "2018-06-11T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:H/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-spectrum-cve20181431-priv-escalation(139240)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139240", }, { name: "105546", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105546", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012049", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-06-11T00:00:00", ID: "CVE-2018-1431", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "4.1.1", }, { version_value: "4.2.0", }, { version_value: "4.2.1", }, { version_value: "4.2.2", }, { version_value: "4.2.3", }, { version_value: "5.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "L", C: "H", I: "H", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "ibm-spectrum-cve20181431-priv-escalation(139240)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139240", }, { name: "105546", refsource: "BID", url: "http://www.securityfocus.com/bid/105546", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012049", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012049", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1431", datePublished: "2018-06-13T14:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T00:26:35.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2985
Vulnerability from cvelistv5
Published
2016-11-25 03:38
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/92408 | vdb-entry, x_refsource_BID | |
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:40:14.380Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "92408", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/92408", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-08-04T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "92408", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/92408", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-2985", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "92408", refsource: "BID", url: "http://www.securityfocus.com/bid/92408", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-2985", datePublished: "2016-11-25T03:38:00", dateReserved: "2016-03-09T00:00:00", dateUpdated: "2024-08-05T23:40:14.380Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4348
Vulnerability from cvelistv5
Published
2020-05-27 13:15
Modified
2024-09-16 22:52
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6213739 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/178414 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 4.2.0.0 Version: 5.0.0.0 Version: 4.2.3.21 Version: 5.0.4.4 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:06.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6213739", }, { name: "ibm-spectrum-cve20204348-weak-sec (178414)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178414", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "4.2.0.0", }, { status: "affected", version: "5.0.0.0", }, { status: "affected", version: "4.2.3.21", }, { status: "affected", version: "5.0.4.4", }, ], }, ], datePublic: "2020-05-26T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.7, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/I:H/PR:L/C:N/AV:N/S:U/AC:L/UI:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-27T13:15:28", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6213739", }, { name: "ibm-spectrum-cve20204348-weak-sec (178414)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178414", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-05-26T00:00:00", ID: "CVE-2020-4348", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "4.2.0.0", }, { version_value: "5.0.0.0", }, { version_value: "4.2.3.21", }, { version_value: "5.0.4.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "N", I: "H", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6213739", refsource: "CONFIRM", title: "IBM Security Bulletin 6213739 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6213739", }, { name: "ibm-spectrum-cve20204348-weak-sec (178414)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178414", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4348", datePublished: "2020-05-27T13:15:28.309819Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T22:52:11.368Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4491
Vulnerability from cvelistv5
Published
2020-10-20 14:15
Modified
2024-09-17 00:46
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6349465 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/181991 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 4.2.0.0 Version: 5.0.0.0 Version: 5.0.5 Version: 4.2.3.22 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:07:48.821Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6349465", }, { name: "ibm-spectrum-cve20204491-dos (181991)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181991", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "4.2.0.0", }, { status: "affected", version: "5.0.0.0", }, { status: "affected", version: "5.0.5", }, { status: "affected", version: "4.2.3.22", }, ], }, ], datePublic: "2020-10-19T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.5, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/I:N/S:U/UI:N/PR:N/AV:L/AC:L/A:L/C:N/E:U/RL:O/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T14:15:32", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6349465", }, { name: "ibm-spectrum-cve20204491-dos (181991)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181991", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-10-19T00:00:00", ID: "CVE-2020-4491", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "4.2.0.0", }, { version_value: "5.0.0.0", }, { version_value: "5.0.5", }, { version_value: "4.2.3.22", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "L", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6349465", refsource: "CONFIRM", title: "IBM Security Bulletin 6349465 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6349465", }, { name: "ibm-spectrum-cve20204491-dos (181991)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181991", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4491", datePublished: "2020-10-20T14:15:32.316933Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T00:46:13.362Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29666
Vulnerability from cvelistv5
Published
2021-04-27 16:32
Modified
2024-09-16 22:55
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6447107 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/199400 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0 Version: 5.1 Version: 5.1.0.2 Version: 5.0.5.6 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:11:06.253Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6447107", }, { name: "ibm-spectrum-cve202129666-xss (199400)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199400", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0", }, { status: "affected", version: "5.1", }, { status: "affected", version: "5.1.0.2", }, { status: "affected", version: "5.0.5.6", }, ], }, ], datePublic: "2021-04-26T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AC:L/S:C/I:L/AV:N/PR:L/A:N/UI:R/C:L/RL:O/RC:C/E:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-27T16:32:52", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6447107", }, { name: "ibm-spectrum-cve202129666-xss (199400)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199400", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-04-26T00:00:00", ID: "CVE-2021-29666", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0", }, { version_value: "5.1", }, { version_value: "5.1.0.2", }, { version_value: "5.0.5.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "L", S: "C", UI: "R", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6447107", refsource: "CONFIRM", title: "IBM Security Bulletin 6447107 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6447107", }, { name: "ibm-spectrum-cve202129666-xss (199400)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199400", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-29666", datePublished: "2021-04-27T16:32:52.431642Z", dateReserved: "2021-03-31T00:00:00", dateUpdated: "2024-09-16T22:55:52.980Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2984
Vulnerability from cvelistv5
Published
2016-11-25 03:38
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/92410 | vdb-entry, x_refsource_BID | |
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:40:14.325Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "92410", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/92410", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-08-04T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "92410", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/92410", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-2984", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "92410", refsource: "BID", url: "http://www.securityfocus.com/bid/92410", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-2984", datePublished: "2016-11-25T03:38:00", dateReserved: "2016-03-09T00:00:00", dateUpdated: "2024-08-05T23:40:14.325Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4851
Vulnerability from cvelistv5
Published
2021-03-16 13:55
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6405774 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/190450 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.5.4 Version: 5.1.0 Version: 5.1.0.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:59.088Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6405774", }, { name: "ibm-spectrum-cve20204851-log-poisoning (190450)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190450", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.5.4", }, { status: "affected", version: "5.1.0", }, { status: "affected", version: "5.1.0.1", }, ], }, ], datePublic: "2021-03-15T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.5, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/I:N/AV:L/UI:N/C:L/PR:N/AC:L/S:U/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Data Manipulation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-16T13:55:15", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6405774", }, { name: "ibm-spectrum-cve20204851-log-poisoning (190450)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190450", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-03-15T00:00:00", ID: "CVE-2020-4851", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.5.4", }, { version_value: "5.1.0", }, { version_value: "5.1.0.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "L", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Data Manipulation", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6405774", refsource: "CONFIRM", title: "IBM Security Bulletin 6405774 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6405774", }, { name: "ibm-spectrum-cve20204851-log-poisoning (190450)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190450", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4851", datePublished: "2021-03-16T13:55:15.581564Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T18:29:04.277Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4412
Vulnerability from cvelistv5
Published
2020-05-19 13:15
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6209004 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/179987 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 4.2.0.0 Version: 5.0.0.0 Version: 5.0.4.3 Version: 4.2.3.21 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:07:47.610Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6209004", }, { name: "ibm-spectrum-cve20204412-dos (179987)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179987", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "4.2.0.0", }, { status: "affected", version: "5.0.0.0", }, { status: "affected", version: "5.0.4.3", }, { status: "affected", version: "4.2.3.21", }, ], }, ], datePublic: "2020-05-18T00:00:00", descriptions: [ { lang: "en", value: "The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:L/S:U/AV:N/PR:N/UI:N/C:N/I:N/AC:L/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-19T13:15:20", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6209004", }, { name: "ibm-spectrum-cve20204412-dos (179987)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179987", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-05-18T00:00:00", ID: "CVE-2020-4412", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "4.2.0.0", }, { version_value: "5.0.0.0", }, { version_value: "5.0.4.3", }, { version_value: "4.2.3.21", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6209004", refsource: "CONFIRM", title: "IBM Security Bulletin 6209004 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6209004", }, { name: "ibm-spectrum-cve20204412-dos (179987)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179987", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4412", datePublished: "2020-05-19T13:15:20.199553Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T20:17:45.429Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29667
Vulnerability from cvelistv5
Published
2021-04-27 16:32
Modified
2024-09-16 21:58
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6447107 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/199403 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0 Version: 5.1 Version: 5.1.0.2 Version: 5.0.5.6 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:11:06.359Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6447107", }, { name: "ibm-spectrum-cve202129667-csv-injection (199403)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199403", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0", }, { status: "affected", version: "5.1", }, { status: "affected", version: "5.1.0.2", }, { status: "affected", version: "5.0.5.6", }, ], }, ], datePublic: "2021-04-26T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.1, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/C:H/A:H/UI:R/PR:N/AV:L/I:H/S:U/AC:H/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-27T16:32:52", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6447107", }, { name: "ibm-spectrum-cve202129667-csv-injection (199403)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199403", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-04-26T00:00:00", ID: "CVE-2021-29667", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0", }, { version_value: "5.1", }, { version_value: "5.1.0.2", }, { version_value: "5.0.5.6", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "L", C: "H", I: "H", PR: "N", S: "U", UI: "R", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6447107", refsource: "CONFIRM", title: "IBM Security Bulletin 6447107 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6447107", }, { name: "ibm-spectrum-cve202129667-csv-injection (199403)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199403", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-29667", datePublished: "2021-04-27T16:32:53.068503Z", dateReserved: "2021-03-31T00:00:00", dateUpdated: "2024-09-16T21:58:07.196Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4492
Vulnerability from cvelistv5
Published
2020-08-31 12:55
Modified
2024-09-16 23:11
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6324249 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/181992 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 4.2.0.0 Version: 5.0.0.0 Version: 5.0.4.3 Version: 4.2.3.21 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:07:49.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6324249", }, { name: "ibm-spectrum-cve20204492-dos (181992)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181992", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "4.2.0.0", }, { status: "affected", version: "5.0.0.0", }, { status: "affected", version: "5.0.4.3", }, { status: "affected", version: "4.2.3.21", }, ], }, ], datePublic: "2020-08-28T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:N/C:N/UI:N/AC:L/A:H/PR:N/S:U/AV:L/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-31T12:55:14", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6324249", }, { name: "ibm-spectrum-cve20204492-dos (181992)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181992", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-08-28T00:00:00", ID: "CVE-2020-4492", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "4.2.0.0", }, { version_value: "5.0.0.0", }, { version_value: "5.0.4.3", }, { version_value: "4.2.3.21", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6324249", refsource: "CONFIRM", title: "IBM Security Bulletin 6324249 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6324249", }, { name: "ibm-spectrum-cve20204492-dos (181992)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181992", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4492", datePublished: "2020-08-31T12:55:14.240641Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T23:11:18.566Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4217
Vulnerability from cvelistv5
Published
2020-03-09 14:40
Modified
2024-09-16 23:51
Severity ?
EPSS score ?
Summary
The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/5693463 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/175067 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0 Version: 4.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:07.348Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/5693463", }, { name: "ibm-spectrum-cve20204217-dos (175067)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175067", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0", }, { status: "affected", version: "4.2", }, ], }, ], datePublic: "2020-03-06T00:00:00", descriptions: [ { lang: "en", value: "The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:N/PR:N/C:N/AV:N/A:H/AC:L/UI:N/S:U/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-09T14:40:14", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/5693463", }, { name: "ibm-spectrum-cve20204217-dos (175067)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175067", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-03-06T00:00:00", ID: "CVE-2020-4217", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0", }, { version_value: "4.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "N", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/5693463", refsource: "CONFIRM", title: "IBM Security Bulletin 5693463 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/5693463", }, { name: "ibm-spectrum-cve20204217-dos (175067)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175067", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4217", datePublished: "2020-03-09T14:40:14.564394Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T23:51:38.046Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40607
Vulnerability from cvelistv5
Published
2022-12-19 19:36
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6848231 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/235740 | vdb-entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:21:46.515Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6848231", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/235740", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.</span>\n\n", }, ], value: "\nIBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-19T19:36:28.395Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6848231", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/235740", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Spectrum Scale directory traversal", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-40607", datePublished: "2022-12-19T19:36:28.395Z", dateReserved: "2022-09-12T19:35:30.247Z", dateUpdated: "2024-08-03T12:21:46.515Z", requesterUserId: "69938c14-a5a2-41ac-a450-71ed41911136", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4715
Vulnerability from cvelistv5
Published
2019-12-11 14:25
Modified
2024-09-16 22:03
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/1118913 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/172093 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0 Version: 4.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:40:48.927Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1118913", }, { name: "ibm-spectrum-cve20194715-command-exec (172093)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172093", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0", }, { status: "affected", version: "4.2", }, ], }, ], datePublic: "2019-12-10T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 7.7, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/I:H/AC:L/S:U/PR:L/C:H/A:H/UI:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-11T14:25:18", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1118913", }, { name: "ibm-spectrum-cve20194715-command-exec (172093)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172093", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-12-10T00:00:00", ID: "CVE-2019-4715", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0", }, { version_value: "4.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "H", I: "H", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1118913", refsource: "CONFIRM", title: "IBM Security Bulletin 1118913 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/1118913", }, { name: "ibm-spectrum-cve20194715-command-exec (172093)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172093", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4715", datePublished: "2019-12-11T14:25:18.166461Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T22:03:45.154Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4350
Vulnerability from cvelistv5
Published
2020-05-27 13:15
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6214480 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/178424 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.4.4 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:07.361Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6214480", }, { name: "ibm-spectrum-cve20204350-info-disc (178424)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178424", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.4.4", }, ], }, ], datePublic: "2020-05-26T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/C:H/AV:N/AC:H/UI:N/S:U/I:N/A:N/PR:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-27T13:15:29", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6214480", }, { name: "ibm-spectrum-cve20204350-info-disc (178424)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178424", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-05-26T00:00:00", ID: "CVE-2020-4350", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.4.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6214480", refsource: "CONFIRM", title: "IBM Security Bulletin 6214480 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6214480", }, { name: "ibm-spectrum-cve20204350-info-disc (178424)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178424", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4350", datePublished: "2020-05-27T13:15:29.238768Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T00:06:12.764Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1782
Vulnerability from cvelistv5
Published
2018-09-19 15:00
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10730967 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/148805 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.1.0 Version: 5.0.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:07:44.353Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10730967", }, { name: "ibm-spectrum-cve20181782-dos(148805)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148805", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.1.0", }, { status: "affected", version: "5.0.1.1", }, ], }, ], datePublic: "2018-09-17T00:00:00", descriptions: [ { lang: "en", value: "IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.7, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AC:L/AV:L/C:N/I:N/PR:L/S:C/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-09-19T14:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10730967", }, { name: "ibm-spectrum-cve20181782-dos(148805)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148805", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-09-17T00:00:00", ID: "CVE-2018-1782", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.1.0", }, { version_value: "5.0.1.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "N", I: "N", PR: "L", S: "C", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10730967", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10730967", }, { name: "ibm-spectrum-cve20181782-dos(148805)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148805", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1782", datePublished: "2018-09-19T15:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-17T02:41:39.089Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1654
Vulnerability from cvelistv5
Published
2018-03-02 17:00
Modified
2024-09-16 18:54
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/133378 | x_refsource_MISC | |
http://www.securitytracker.com/id/1040747 | vdb-entry, x_refsource_SECTRACK | |
http://www.ibm.com/support/docview.wss?uid=ssg1S1010869 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 4.1.1 Version: 4.2.0 Version: 4.2.1 Version: 4.2.2 Version: 4.2.3 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:39:31.875Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/133378", }, { name: "1040747", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040747", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1010869", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "4.1.1", }, { status: "affected", version: "4.2.0", }, { status: "affected", version: "4.2.1", }, { status: "affected", version: "4.2.2", }, { status: "affected", version: "4.2.3", }, ], }, ], datePublic: "2018-02-26T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:L/AV:L/C:L/I:N/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-25T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/133378", }, { name: "1040747", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040747", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1010869", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2018-02-26T00:00:00", ID: "CVE-2017-1654", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "4.1.1", }, { version_value: "4.2.0", }, { version_value: "4.2.1", }, { version_value: "4.2.2", }, { version_value: "4.2.3", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "L", I: "N", PR: "N", S: "U", UI: "N", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/133378", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/133378", }, { name: "1040747", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040747", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1010869", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1010869", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2017-1654", datePublished: "2018-03-02T17:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-16T18:54:11.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43869
Vulnerability from cvelistv5
Published
2023-02-08 18:47
Modified
2024-08-03 13:40
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6909469 | vendor-advisory | |
https://www.ibm.com/support/pages/node/6909465 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/239539 | vdb-entry |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | IBM | Elastic Storage System |
Version: 6.1.0.0 ≤ |
||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.720Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6909469", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6909465", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239539", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Elastic Storage System", vendor: "IBM", versions: [ { lessThan: "6.1.2.4", status: "affected", version: "6.1.0.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "Spectrum Scale", vendor: "IBM", versions: [ { lessThan: "5.1.2.8", status: "affected", version: "5.1.0.0", versionType: "semver", }, { lessThan: "5.1.5.1", status: "affected", version: "5.1.3.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539.", }, ], value: "IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-134", description: "CWE-134 Use of Externally-Controlled Format String", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-12T01:45:42.615671Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6909469", }, { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6909465", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239539", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Spectrum Scale denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-43869", datePublished: "2023-02-08T18:47:17.320Z", dateReserved: "2022-10-26T15:46:22.824Z", dateUpdated: "2024-08-03T13:40:06.720Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4349
Vulnerability from cvelistv5
Published
2020-05-27 13:15
Modified
2024-09-16 17:18
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6214482 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/178423 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.4.4 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:07.711Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6214482", }, { name: "ibm-spectrum-cve20204349-info-disc (178423)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178423", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.4.4", }, ], }, ], datePublic: "2020-05-26T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/I:N/PR:N/AV:N/C:H/S:U/UI:N/AC:H/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-27T13:15:28", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6214482", }, { name: "ibm-spectrum-cve20204349-info-disc (178423)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178423", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-05-26T00:00:00", ID: "CVE-2020-4349", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.4.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6214482", refsource: "CONFIRM", title: "IBM Security Bulletin 6214482 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6214482", }, { name: "ibm-spectrum-cve20204349-info-disc (178423)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178423", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4349", datePublished: "2020-05-27T13:15:28.747268Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T17:18:48.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4411
Vulnerability from cvelistv5
Published
2020-05-19 13:15
Modified
2024-09-17 02:12
Severity ?
EPSS score ?
Summary
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6209002 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/179986 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 4.2.0.0 Version: 5.0.0.0 Version: 5.0.4.3 Version: 4.2.3.21 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:07:47.619Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6209002", }, { name: "ibm-spectrum-cve20204411-dos (179986)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179986", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "4.2.0.0", }, { status: "affected", version: "5.0.0.0", }, { status: "affected", version: "5.0.4.3", }, { status: "affected", version: "4.2.3.21", }, ], }, ], datePublic: "2020-05-18T00:00:00", descriptions: [ { lang: "en", value: "The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 6.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/I:N/C:N/UI:N/PR:N/AV:L/S:C/A:H/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-19T13:15:19", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6209002", }, { name: "ibm-spectrum-cve20204411-dos (179986)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179986", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-05-18T00:00:00", ID: "CVE-2020-4411", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "4.2.0.0", }, { version_value: "5.0.0.0", }, { version_value: "5.0.4.3", }, { version_value: "4.2.3.21", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "L", C: "N", I: "N", PR: "N", S: "C", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6209002", refsource: "CONFIRM", title: "IBM Security Bulletin 6209002 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6209002", }, { name: "ibm-spectrum-cve20204411-dos (179986)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179986", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4411", datePublished: "2020-05-19T13:15:19.755895Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T02:12:04.316Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1993
Vulnerability from cvelistv5
Published
2019-01-08 17:00
Modified
2024-09-16 16:27
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/154440 | vdb-entry, x_refsource_XF | |
https://www.ibm.com/support/docview.wss?uid=ibm10793719 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/106485 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 4.1.1 Version: 4.2.0 Version: 4.2.1 Version: 4.2.2 Version: 4.2.3 Version: 5.0.0 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:14:39.628Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ibm-gpfs-cve20181993-info-disc(154440)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/154440", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10793719", }, { name: "106485", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106485", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "4.1.1", }, { status: "affected", version: "4.2.0", }, { status: "affected", version: "4.2.1", }, { status: "affected", version: "4.2.2", }, { status: "affected", version: "4.2.3", }, { status: "affected", version: "5.0.0", }, ], }, ], datePublic: "2019-01-03T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.5, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/AC:L/AV:L/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-10T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "ibm-gpfs-cve20181993-info-disc(154440)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/154440", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10793719", }, { name: "106485", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106485", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-01-03T00:00:00", ID: "CVE-2018-1993", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "4.1.1", }, { version_value: "4.2.0", }, { version_value: "4.2.1", }, { version_value: "4.2.2", }, { version_value: "4.2.3", }, { version_value: "5.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "L", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "ibm-gpfs-cve20181993-info-disc(154440)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/154440", }, { name: "https://www.ibm.com/support/docview.wss?uid=ibm10793719", refsource: "CONFIRM", url: "https://www.ibm.com/support/docview.wss?uid=ibm10793719", }, { name: "106485", refsource: "BID", url: "http://www.securityfocus.com/bid/106485", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2018-1993", datePublished: "2019-01-08T17:00:00Z", dateReserved: "2017-12-13T00:00:00", dateUpdated: "2024-09-16T16:27:57.707Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4379
Vulnerability from cvelistv5
Published
2020-05-27 13:15
Modified
2024-09-16 22:56
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6214483 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/179158 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.4.4 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:07.374Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6214483", }, { name: "ibm-spectrum-cve20204379-info-disc (179158)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179158", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.4.4", }, ], }, ], datePublic: "2020-05-26T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/C:H/AC:H/UI:N/S:U/PR:N/I:N/A:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-27T13:15:30", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6214483", }, { name: "ibm-spectrum-cve20204379-info-disc (179158)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179158", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-05-26T00:00:00", ID: "CVE-2020-4379", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.4.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6214483", refsource: "CONFIRM", title: "IBM Security Bulletin 6214483 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6214483", }, { name: "ibm-spectrum-cve20204379-info-disc (179158)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179158", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4379", datePublished: "2020-05-27T13:15:31.065319Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T22:56:36.092Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0263
Vulnerability from cvelistv5
Published
2016-06-29 01:00
Modified
2024-08-05 22:15
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005708 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1036458 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/90525 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:15:23.219Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005708", }, { name: "1036458", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036458", }, { name: "90525", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/90525", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-02T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-31T09:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005708", }, { name: "1036458", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036458", }, { name: "90525", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/90525", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-0263", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005708", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005708", }, { name: "1036458", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036458", }, { name: "90525", refsource: "BID", url: "http://www.securityfocus.com/bid/90525", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-0263", datePublished: "2016-06-29T01:00:00", dateReserved: "2015-12-08T00:00:00", dateUpdated: "2024-08-05T22:15:23.219Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4358
Vulnerability from cvelistv5
Published
2020-05-27 13:15
Modified
2024-09-17 02:58
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6214481 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/178762 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.4.4 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:07.619Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6214481", }, { name: "ibm-spectrum-cve20204358-xss (178762)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178762", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.4.4", }, ], }, ], datePublic: "2020-05-26T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/PR:L/I:L/A:N/C:L/AV:N/AC:L/UI:R/S:C/RC:C/E:H/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-27T13:15:30", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6214481", }, { name: "ibm-spectrum-cve20204358-xss (178762)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178762", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-05-26T00:00:00", ID: "CVE-2020-4358", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.4.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "L", S: "C", UI: "R", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6214481", refsource: "CONFIRM", title: "IBM Security Bulletin 6214481 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6214481", }, { name: "ibm-spectrum-cve20204358-xss (178762)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178762", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4358", datePublished: "2020-05-27T13:15:30.124362Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T02:58:21.823Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4242
Vulnerability from cvelistv5
Published
2020-03-31 14:31
Modified
2024-09-16 20:58
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6114130 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/175419 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Protect Plus |
Version: 10.1.0 Version: 10.1.5 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:07.335Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6114130", }, { name: "ibm-spectrum-cve20204242-command-injection (175419)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175419", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Protect Plus", vendor: "IBM", versions: [ { status: "affected", version: "10.1.0", }, { status: "affected", version: "10.1.5", }, ], }, ], datePublic: "2020-03-30T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 7.7, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/A:H/AV:N/PR:L/AC:L/C:H/UI:N/I:H/S:U/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-31T14:31:54", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6114130", }, { name: "ibm-spectrum-cve20204242-command-injection (175419)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175419", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-03-30T00:00:00", ID: "CVE-2020-4242", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Protect Plus", version: { version_data: [ { version_value: "10.1.0", }, { version_value: "10.1.5", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "L", AV: "N", C: "H", I: "H", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6114130", refsource: "CONFIRM", title: "IBM Security Bulletin 6114130 (Spectrum Protect Plus)", url: "https://www.ibm.com/support/pages/node/6114130", }, { name: "ibm-spectrum-cve20204242-command-injection (175419)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175419", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4242", datePublished: "2020-03-31T14:31:54.455271Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T20:58:12.688Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4749
Vulnerability from cvelistv5
Published
2020-10-20 14:15
Modified
2024-09-17 01:11
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6349449 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/188518 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.5.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:57.690Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6349449", }, { name: "ibm-spectrum-cve20204749-info-disc (188518)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188518", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.5.2", }, ], }, ], datePublic: "2020-10-19T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.8, temporalSeverity: "LOW", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/C:L/A:N/AV:N/AC:L/S:U/I:N/PR:N/UI:R/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T14:15:33", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6349449", }, { name: "ibm-spectrum-cve20204749-info-disc (188518)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188518", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-10-19T00:00:00", ID: "CVE-2020-4749", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.5.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "N", PR: "N", S: "U", UI: "R", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6349449", refsource: "CONFIRM", title: "IBM Security Bulletin 6349449 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6349449", }, { name: "ibm-spectrum-cve20204749-info-disc (188518)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188518", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4749", datePublished: "2020-10-20T14:15:33.677493Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T01:11:47.263Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22368
Vulnerability from cvelistv5
Published
2022-05-03 18:20
Modified
2024-09-16 22:45
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6579139 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/221012 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.1.0 Version: 5.1.3.0 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:14:54.947Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6579139", }, { name: "ibm-spectrum-cve202222368-info-disc (221012)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221012", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.1.0", }, { status: "affected", version: "5.1.3.0", }, ], }, ], datePublic: "2022-05-02T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:N/AV:N/A:N/S:U/C:H/PR:N/UI:N/AC:H/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-03T18:20:13", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6579139", }, { name: "ibm-spectrum-cve202222368-info-disc (221012)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221012", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2022-05-02T00:00:00", ID: "CVE-2022-22368", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.1.0", }, { version_value: "5.1.3.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6579139", refsource: "CONFIRM", title: "IBM Security Bulletin 6579139 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6579139", }, { name: "ibm-spectrum-cve202222368-info-disc (221012)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221012", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-22368", datePublished: "2022-05-03T18:20:13.382615Z", dateReserved: "2022-01-03T00:00:00", dateUpdated: "2024-09-16T22:45:44.339Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4259
Vulnerability from cvelistv5
Published
2019-05-13 15:55
Modified
2024-09-16 19:41
Severity ?
EPSS score ?
Summary
A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10883568 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/160011 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 4.1.1 Version: 4.2.0 Version: 4.2.1 Version: 4.2.2 Version: 4.2.3 Version: 5.0.0 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:37.510Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10883568", }, { name: "ibm-spectrum-cve20194259-info-disc (160011)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160011", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "4.1.1", }, { status: "affected", version: "4.2.0", }, { status: "affected", version: "4.2.1", }, { status: "affected", version: "4.2.2", }, { status: "affected", version: "4.2.3", }, { status: "affected", version: "5.0.0", }, ], }, ], datePublic: "2019-05-10T00:00:00", descriptions: [ { lang: "en", value: "A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.5, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/I:N/C:L/S:U/A:N/AC:L/PR:N/UI:N/AV:L/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-13T15:55:19", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10883568", }, { name: "ibm-spectrum-cve20194259-info-disc (160011)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160011", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-05-10T00:00:00", ID: "CVE-2019-4259", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "4.1.1", }, { version_value: "4.2.0", }, { version_value: "4.2.1", }, { version_value: "4.2.2", }, { version_value: "4.2.3", }, { version_value: "5.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "L", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10883568", refsource: "CONFIRM", title: "IBM Security Bulletin 883568 (Spectrum Scale)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10883568", }, { name: "ibm-spectrum-cve20194259-info-disc (160011)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160011", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4259", datePublished: "2019-05-13T15:55:19.101426Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T19:41:57.115Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4378
Vulnerability from cvelistv5
Published
2020-05-27 13:15
Modified
2024-09-16 17:28
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6214484 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/179157 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.4.4 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:07.360Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6214484", }, { name: "ibm-spectrum-cve20204378-sec-bypass (179157)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179157", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.4.4", }, ], }, ], datePublic: "2020-05-26T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "HIGH", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.3, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/S:U/UI:N/AC:L/C:N/AV:N/A:N/I:H/PR:H/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Bypass Security", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-27T13:15:30", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6214484", }, { name: "ibm-spectrum-cve20204378-sec-bypass (179157)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179157", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-05-26T00:00:00", ID: "CVE-2020-4378", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.4.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "N", I: "H", PR: "H", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Bypass Security", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6214484", refsource: "CONFIRM", title: "IBM Security Bulletin 6214484 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6214484", }, { name: "ibm-spectrum-cve20204378-sec-bypass (179157)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179157", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4378", datePublished: "2020-05-27T13:15:30.575633Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T17:28:06.103Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4927
Vulnerability from cvelistv5
Published
2023-03-15 18:11
Modified
2024-08-04 08:14
Severity ?
EPSS score ?
Summary
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6960571 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/191695 | vdb-entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.5.0 ≤ |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:59.231Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6960571", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191695", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Spectrum Scale", vendor: "IBM", versions: [ { lessThan: "5.1.6.1", status: "affected", version: "5.0.5.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695.", }, ], value: "A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-15T18:11:14.873Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6960571", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191695", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Spectrum Scale information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4927", datePublished: "2023-03-15T18:11:14.873Z", dateReserved: "2019-12-30T00:00:00.000Z", dateUpdated: "2024-08-04T08:14:59.231Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30434
Vulnerability from cvelistv5
Published
2023-05-05 14:03
Modified
2024-08-02 14:21
Severity ?
EPSS score ?
Summary
IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6988363 | vendor-advisory | |
https://www.ibm.com/support/pages/node/6988365 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/252187 | vdb-entry |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | IBM | Elastic Storage System |
Version: 6.1.0.0 ≤ 6.1.2.5 Version: 6.1.3.0 ≤ 6.1.6.0 |
||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:21:44.927Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6988363", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6988365", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/252187", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Elastic Storage System", vendor: "IBM", versions: [ { lessThanOrEqual: "6.1.2.5", status: "affected", version: "6.1.0.0", versionType: "semver", }, { lessThanOrEqual: "6.1.6.0", status: "affected", version: "6.1.3.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "Spectrum Scale", vendor: "IBM", versions: [ { lessThanOrEqual: "5.1.2.9", status: "affected", version: "5.1.0.0", versionType: "semver", }, { lessThanOrEqual: "5.1.6.1", status: "affected", version: "5.1.3.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.", }, ], value: "IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-05T14:03:16.921Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6988363", }, { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6988365", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/252187", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Storage Scale denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-30434", datePublished: "2023-05-05T14:03:16.921Z", dateReserved: "2023-04-08T15:56:20.543Z", dateUpdated: "2024-08-02T14:21:44.927Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4357
Vulnerability from cvelistv5
Published
2020-05-27 13:15
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6214478 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/178761 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Scale |
Version: 5.0.0 Version: 5.0.4.4 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:07.386Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6214478", }, { name: "ibm-spectrum-cve20204357-info-disc (178761)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178761", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM", versions: [ { status: "affected", version: "5.0.0", }, { status: "affected", version: "5.0.4.4", }, ], }, ], datePublic: "2020-05-26T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.8, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/I:N/PR:L/S:U/UI:N/AC:L/C:L/AV:N/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-27T13:15:29", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6214478", }, { name: "ibm-spectrum-cve20204357-info-disc (178761)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178761", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-05-26T00:00:00", ID: "CVE-2020-4357", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "5.0.0", }, { version_value: "5.0.4.4", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6214478", refsource: "CONFIRM", title: "IBM Security Bulletin 6214478 (Spectrum Scale)", url: "https://www.ibm.com/support/pages/node/6214478", }, { name: "ibm-spectrum-cve20204357-info-disc (178761)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178761", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4357", datePublished: "2020-05-27T13:15:29.671414Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T02:11:27.796Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-6115
Vulnerability from cvelistv5
Published
2017-02-01 22:00
Modified
2024-08-06 01:22
Severity ?
EPSS score ?
Summary
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/95272 | vdb-entry, x_refsource_BID | |
http://www.ibm.com/support/docview.wss?uid=ssg1S1009639 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM Corporation | Spectrum Scale |
Version: 4.1.1 Version: 4.2.0 Version: 4.2.1 Version: 4.2.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:22:20.618Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "95272", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95272", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1009639", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Scale", vendor: "IBM Corporation", versions: [ { status: "affected", version: "4.1.1", }, { status: "affected", version: "4.2.0", }, { status: "affected", version: "4.2.1", }, { status: "affected", version: "4.2.2", }, ], }, ], datePublic: "2017-01-03T00:00:00", descriptions: [ { lang: "en", value: "IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.", }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-02T10:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "95272", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95272", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1009639", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2016-6115", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Scale", version: { version_data: [ { version_value: "4.1.1", }, { version_value: "4.2.0", }, { version_value: "4.2.1", }, { version_value: "4.2.2", }, ], }, }, ], }, vendor_name: "IBM Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "95272", refsource: "BID", url: "http://www.securityfocus.com/bid/95272", }, { name: "http://www.ibm.com/support/docview.wss?uid=ssg1S1009639", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1009639", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2016-6115", datePublished: "2017-02-01T22:00:00", dateReserved: "2016-06-29T00:00:00", dateUpdated: "2024-08-06T01:22:20.618Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4241
Vulnerability from cvelistv5
Published
2020-03-31 14:31
Modified
2024-09-16 19:10
Severity ?
EPSS score ?
Summary
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6114130 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/175418 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Spectrum Protect Plus |
Version: 10.1.0 Version: 10.1.5 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:00:07.092Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6114130", }, { name: "ibm-spectrum-cve20204241-command-exec (175418)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175418", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spectrum Protect Plus", vendor: "IBM", versions: [ { status: "affected", version: "10.1.0", }, { status: "affected", version: "10.1.5", }, ], }, ], datePublic: "2020-03-30T00:00:00", descriptions: [ { lang: "en", value: "IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/UI:N/I:H/S:U/A:H/AV:N/PR:L/AC:H/C:H/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-31T14:31:51", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6114130", }, { name: "ibm-spectrum-cve20204241-command-exec (175418)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175418", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-03-30T00:00:00", ID: "CVE-2020-4241", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spectrum Protect Plus", version: { version_data: [ { version_value: "10.1.0", }, { version_value: "10.1.5", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "H", I: "H", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6114130", refsource: "CONFIRM", title: "IBM Security Bulletin 6114130 (Spectrum Protect Plus)", url: "https://www.ibm.com/support/pages/node/6114130", }, { name: "ibm-spectrum-cve20204241-command-exec (175418)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175418", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4241", datePublished: "2020-03-31T14:31:51.851113Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T19:10:59.766Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-05-05 15:15
Modified
2024-11-21 08:00
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/252187 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6988363 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6988365 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/252187 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6988363 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6988365 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | elastic_storage_system | * | |
ibm | elastic_storage_system | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*", matchCriteriaId: "E86D735A-E083-4F28-A5CA-008CE54BFC06", versionEndExcluding: "6.1.2.6", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*", matchCriteriaId: "3C62D63F-902A-494C-842F-CF3810E232DC", versionEndExcluding: "6.1.6.1", versionStartIncluding: "6.1.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "A43A3461-1512-4B3C-BEC2-09ACEB3372E1", versionEndIncluding: "5.1.2.9", versionStartIncluding: "5.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "FF53771C-2D6E-46FB-A7AA-FA48914F99AD", versionEndIncluding: "5.1.6.1", versionStartIncluding: "5.1.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.", }, ], id: "CVE-2023-30434", lastModified: "2024-11-21T08:00:10.550", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-05-05T15:15:10.117", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/252187", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6988363", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6988365", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/252187", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6988363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6988365", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-20 15:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "5B5265F0-2EAF-42DC-840A-F1F6CE464511", versionEndIncluding: "5.0.5.2", versionStartExcluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando a una divulgación de credenciales dentro de una sesión confiable. IBM X-Force ID: 188517", }, ], id: "CVE-2020-4748", lastModified: "2024-11-21T05:33:12.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-20T15:15:13.137", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188517", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6349449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6349449", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-02-01 22:59
Modified
2024-11-21 02:55
Severity ?
Summary
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ssg1S1009639 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/95272 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ssg1S1009639 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95272 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | general_parallel_file_system | 4.1.0.0 | |
ibm | general_parallel_file_system | 4.1.0.1 | |
ibm | general_parallel_file_system | 4.1.0.2 | |
ibm | general_parallel_file_system | 4.1.0.3 | |
ibm | general_parallel_file_system | 4.1.0.4 | |
ibm | general_parallel_file_system | 4.1.0.5 | |
ibm | general_parallel_file_system | 4.1.0.6 | |
ibm | general_parallel_file_system | 4.1.0.7 | |
ibm | general_parallel_file_system | 4.1.0.8 | |
ibm | spectrum_scale | 4.1.0.0 | |
ibm | spectrum_scale | 4.1.1.0 | |
ibm | spectrum_scale | 4.1.1.1 | |
ibm | spectrum_scale | 4.1.1.2 | |
ibm | spectrum_scale | 4.1.1.3 | |
ibm | spectrum_scale | 4.1.1.4 | |
ibm | spectrum_scale | 4.1.1.5 | |
ibm | spectrum_scale | 4.1.1.6 | |
ibm | spectrum_scale | 4.1.1.7 | |
ibm | spectrum_scale | 4.1.1.8 | |
ibm | spectrum_scale | 4.1.1.9 | |
ibm | spectrum_scale | 4.1.1.10 | |
ibm | spectrum_scale | 4.2.0.0 | |
ibm | spectrum_scale | 4.2.0.1 | |
ibm | spectrum_scale | 4.2.0.2 | |
ibm | spectrum_scale | 4.2.0.3 | |
ibm | spectrum_scale | 4.2.1 | |
ibm | spectrum_scale | 4.2.2.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E78F4327-0160-467E-8C2C-BDEBB4149227", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BDD19B4F-5738-4CB1-99FC-F40FDA8388AE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B497D629-62AB-4F21-BDF4-02336A19E04C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "10E68BB2-4132-46F1-B8E9-9FA03FEB92BF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1CBA1A7-02AF-4D59-A6FF-9C52903986EE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "BEAC1912-1412-45B6-920C-A52510095977", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "59A4A5C6-8DF0-4431-BE2C-5C6815371C98", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F90908FF-0E10-4AFD-A38C-4D5E50C05FF3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "591E5985-29A1-4C06-8832-DA1587CFE101", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "09C3AC64-B03E-4C63-B47D-608795A24321", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2E29D816-7A73-47EA-8DE6-E553CA0D1079", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "18C5A85C-F932-44CF-B3EA-691737C96C52", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9385B07C-881D-4A4E-A0F5-FF1BC88F8CFF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "27319318-1C09-4CEE-BAE2-6E52C8FD8DCA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "85F22D48-CB9C-434A-AFD7-50E4E980D1DA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "52D0326F-B03A-4476-8E94-BC0D8ADD5321", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "564BDF5A-EAFF-47F5-A670-2019BB508DD5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "5E93E3DC-F8FA-493F-AD79-0DED309F3D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "1578B640-B312-4BE8-8036-9DCC7201B04E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.9:*:*:*:*:*:*:*", matchCriteriaId: "07B77EAE-2C00-4FC9-82F1-42638E7948A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.10:*:*:*:*:*:*:*", matchCriteriaId: "B33EDF97-2750-4041-BCA3-77E1235173AF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9A55A717-5CA2-4073-80AA-16044EC23B7B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "11BAE960-B5C8-4566-8D18-B2754069C933", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "D788F7B7-E3F5-495D-BF0D-EB5D6A57D84F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "33B349F3-C4A5-4EDA-8579-17AF297E4BA0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.1:*:*:*:*:*:*:*", matchCriteriaId: "36357865-3811-45EF-98CB-0FA7D2FC0497", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "6E32967B-9D22-4120-8C58-FCCC2ECC424F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.", }, { lang: "es", value: "IBM General Parallel File System es vulnerable a un desbordamiento de búfer. Un atacante remoto autenticado podría desbordar un búfer y ejecutar código arbitrario en el sistema con privilegios de root o provocar que el servidor se caiga.", }, ], id: "CVE-2016-6115", lastModified: "2024-11-21T02:55:29.140", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-02-01T22:59:00.697", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1009639", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1009639", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95272", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-08 16:29
Modified
2024-11-21 04:00
Severity ?
4.0 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/106485 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/154440 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10793719 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106485 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/154440 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10793719 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "1A9EE41D-4BAE-453B-95B7-DAB30214BEC3", versionEndIncluding: "4.1.1.21", versionStartIncluding: "4.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "2942C276-69E5-4754-ACF7-E9C8BEB6CBD0", versionEndIncluding: "4.2.3.11", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "B9EFCAB0-3266-4C88-B453-6A5736A2BE2E", versionEndIncluding: "5.0.2.0", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.", }, { lang: "es", value: "La habilitación del uso de la caché local de solo lectura (también conocida como Local Read Only Cache, LROC) en las versiones 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3 y 5.0.0 de IBM Spectrum Scale (GPFS) podría causar una operación de lectura en un archivo para devolver datos de un archivo distinto. IBM X-Force ID: 154440.", }, ], id: "CVE-2018-1993", lastModified: "2024-11-21T04:00:42.680", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-08T16:29:00.403", references: [ { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106485", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/154440", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10793719", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106485", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/154440", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10793719", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-01-27 05:59
Modified
2024-11-21 02:36
Severity ?
Summary
IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | 4.1.1.0 | |
ibm | spectrum_scale | 4.1.1.1 | |
ibm | spectrum_scale | 4.1.1.2 | |
ibm | spectrum_scale | 4.2.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2E29D816-7A73-47EA-8DE6-E553CA0D1079", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "18C5A85C-F932-44CF-B3EA-691737C96C52", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9385B07C-881D-4A4E-A0F5-FF1BC88F8CFF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9A55A717-5CA2-4073-80AA-16044EC23B7B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.", }, { lang: "es", value: "IBM Spectrum Scale 4.1.1.x en versiones anteriores a 4.1.1.4 y 4.2.x en versiones anteriores a 4.2.0.1, en ciertas configuraciones de protocolo LDAP File, permite a atacantes remotos descubrir una contraseña LDAP a través de vectores no especificados.", }, ], id: "CVE-2015-7488", lastModified: "2024-11-21T02:36:51.870", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-01-27T05:59:02.323", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005580", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005580", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-20 15:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/188518 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6349449 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/188518 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6349449 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "5B5265F0-2EAF-42DC-840A-F1F6CE464511", versionEndIncluding: "5.0.5.2", versionStartExcluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.2 no establece el atributo seguro en tokens de autorización o cookies de sesión. Los atacantes pueden ser capaces de obtener los valores de las cookies al enviar un enlace http:// a un usuario o colocando este enlace en un sitio al que accede el usuario. La cookie se enviará al enlace no seguro y el atacante podrá obtener el valor de la cookie al rastrear el tráfico. IBM X-Force ID: 188518", }, ], id: "CVE-2020-4749", lastModified: "2024-11-21T05:33:12.130", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-20T15:15:13.217", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188518", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6349449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188518", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6349449", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-565", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-16 14:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/190973 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6430147 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/190973 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6430147 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "0516C8ED-E645-4547-A5E9-AE46FF35CE73", versionEndIncluding: "5.0.5.5", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "AF8CD452-4163-4ABF-8A73-B27C95A5B91F", versionEndIncluding: "5.1.0.2", versionStartIncluding: "5.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.5 y versiones 5.1.0 hasta 5.1.0.2, podría permitir a un usuario local con un rol válido en la API REST causar una denegación de servicio debido a una limitación de velocidad débil o ausente. IBM X-Force ID: 190973", }, ], id: "CVE-2020-4890", lastModified: "2024-11-21T05:33:22.737", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-16T14:15:13.177", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190973", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6430147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190973", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6430147", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-01 14:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/201474 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6457629 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/201474 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6457629 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "EFD2C84A-79C6-4986-AF5D-EABB5CDEA07D", versionEndExcluding: "5.0.5.7", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "447D64FF-47EB-4793-B3F3-87713691C1EF", versionEndExcluding: "5.1.1.0", versionStartIncluding: "5.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.6 y versiones 5.1.0 hasta 5.1.0.3, el componente system core está afectado por una vulnerabilidad de seguridad de cadena de formato. Un atacante podría ejecutar código arbitrario en el contexto de la memoria del proceso, escalando potencialmente los privilegios de su sistema y tomando el control de todo el sistema con acceso de root. IBM X-Force ID: 201474", }, ], id: "CVE-2021-29740", lastModified: "2024-11-21T06:01:43.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-01T14:15:09.877", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/201474", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6457629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/201474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6457629", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-134", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-19 20:15
Modified
2024-11-21 07:21
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/235740 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6848231 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/235740 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6848231 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "07B16690-D9ED-4B44-90C8-CFE40D8EB9F1", versionEndIncluding: "5.1.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nIBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.\n\n", }, { lang: "es", value: "IBM Spectrum Scale 5.1 podría permitir a los usuarios con permisos para crear pods, volúmenes persistentes y reclamaciones de volumen persistentes acceder a archivos y directorios fuera del volumen, incluso en el sistema de archivos del host. ID de IBM X-Force: 235740.", }, ], id: "CVE-2022-40607", lastModified: "2024-11-21T07:21:42.760", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-19T20:15:11.750", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/235740", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6848231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/235740", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6848231", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-26 15:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/190971 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6405776 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/190971 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6405776 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | 5.1.0 | |
linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "BB01D1FB-FD6C-490D-A338-4FCC6617B5B7", versionEndIncluding: "5.0.5.4", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "150FF54F-5F44-4DE9-9789-FFDA6A5238C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.4 y versión 5.1.0, podría permitir a un usuario local envenene los archivos de registro que podrían afectar los esfuerzos de soporte y desarrollo. IBM X-Force ID: 190971", }, ], id: "CVE-2020-4889", lastModified: "2024-11-21T05:33:22.623", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-26T15:15:13.180", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190971", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6405776", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190971", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6405776", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-27 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/179157 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6214484 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/179157 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6214484 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "16EC9047-391F-4C49-9B11-BE69A39D10A2", versionEndIncluding: "5.0.4.4", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0.0 hasta 5.0.4.4, podría permitir a un usuario autentificado privilegiado llevar a cabo acciones no autorizadas usando un comando HTTP POST especialmente diseñado. IBM X-Force ID: 179157.", }, ], id: "CVE-2020-4378", lastModified: "2024-11-21T05:32:40.130", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-27T14:15:11.857", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179157", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6214484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6214484", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-24 17:15
Modified
2024-11-21 05:33
Severity ?
Summary
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191600 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6565399 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6589109 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191600 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6565399 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6589109 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | elastic_storage_system | * | |
ibm | spectrum_scale | * | |
linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*", matchCriteriaId: "163FDB0B-5307-4CD9-9FE8-4E5D188FD1DE", versionEndExcluding: "6.1.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "2832663B-B3D8-494A-9499-B881D4919B13", versionEndExcluding: "5.1.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.", }, { lang: "es", value: "Una vulnerabilidad en el componente core de Spectrum Scale 5.1 e IBM Elastic Storage System 6.1, podría permitir el acceso no autorizado a los datos del usuario o la inyección de datos arbitrarios en el protocolo de comunicación. IBM X-Force ID: 191600", }, ], id: "CVE-2020-4926", lastModified: "2024-11-21T05:33:26.177", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 4.2, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-24T17:15:07.863", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191600", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6565399", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6589109", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191600", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6565399", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6589109", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-19 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/179987 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6209004 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/179987 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6209004 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | aix | - | |
linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "6E1B6552-CECC-4F3A-A785-B32048798C99", versionEndIncluding: "4.2.3.21", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "A2908F78-BC39-4C1B-A83F-AFCA284F7498", versionEndIncluding: "5.0.4.3", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987.", }, { lang: "es", value: "El componente filesystem de Spectrum Scale versiones 4.2.0.0 hasta 4.2.3.21 y versiones 5.0.0.0 hasta 5.0.4.3, está afectado por una vulnerabilidad de seguridad de denegación de servicio. Un atacante puede obligar a los demonios mmfsd y mmsdrserv en Spectrum Scale a salir inesperadamente, impactando la funcionalidad del clúster de Spectrum Scale y la disponibilidad de los sistemas de archivos administrados por Spectrum Scale. IBM X-Force ID: 179987.", }, ], id: "CVE-2020-4412", lastModified: "2024-11-21T05:32:42.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-19T14:15:11.720", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179987", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6209004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179987", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6209004", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-11-25 03:59
Modified
2024-11-21 02:49
Severity ?
Summary
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2E29D816-7A73-47EA-8DE6-E553CA0D1079", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "18C5A85C-F932-44CF-B3EA-691737C96C52", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9385B07C-881D-4A4E-A0F5-FF1BC88F8CFF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "27319318-1C09-4CEE-BAE2-6E52C8FD8DCA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "85F22D48-CB9C-434A-AFD7-50E4E980D1DA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "52D0326F-B03A-4476-8E94-BC0D8ADD5321", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "564BDF5A-EAFF-47F5-A670-2019BB508DD5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "5E93E3DC-F8FA-493F-AD79-0DED309F3D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "1578B640-B312-4BE8-8036-9DCC7201B04E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9A55A717-5CA2-4073-80AA-16044EC23B7B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "11BAE960-B5C8-4566-8D18-B2754069C933", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "D788F7B7-E3F5-495D-BF0D-EB5D6A57D84F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "33B349F3-C4A5-4EDA-8579-17AF297E4BA0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89F44D96-CDE6-405D-ACDB-D1B699F3ED9B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "FC456A68-AF06-4862-A8FF-DF96A398C25B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "FC814EC9-DDBE-48AD-996F-4684348A31C6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "4D08020F-C3F5-4175-B671-73AA12E8F571", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "370EEC39-3CE4-43AD-AF18-D585D214130A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "78041991-E33E-4A0F-85A9-07ABC30253F2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DF402081-402A-4277-A83C-729DF038F25D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "2F32AE31-9C7C-4FFC-A4FB-9C6D13D02E36", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "A3F9A954-7411-4977-8735-9F61CC3F5E4C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E8638C2C-434E-4716-BB4F-F759FFFAD008", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.10:*:*:*:*:*:*:*", matchCriteriaId: "37D91B69-57BC-4011-AD90-531B52C1C23A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.11:*:*:*:*:*:*:*", matchCriteriaId: "3061EBC4-981B-4C1E-B4B6-05CE75AC835C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.12:*:*:*:*:*:*:*", matchCriteriaId: "C3C114FE-1A1A-4048-BEF9-2C8637136FFC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.13:*:*:*:*:*:*:*", matchCriteriaId: "58466B0C-9811-42CB-8062-305143F0EC85", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.14:*:*:*:*:*:*:*", matchCriteriaId: "1C1C55A6-EDA7-4039-BB9F-793C08542B19", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.15:*:*:*:*:*:*:*", matchCriteriaId: "442E3A3A-3056-4D1F-BEBD-253FC48BA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.16:*:*:*:*:*:*:*", matchCriteriaId: "3BE5DA93-B2EB-438C-B698-75E5F116C02C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.17:*:*:*:*:*:*:*", matchCriteriaId: "61A5E812-9CBD-4FD1-B4A4-8E889B333B67", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.18:*:*:*:*:*:*:*", matchCriteriaId: "DC2D24BA-6A99-4A15-A7A7-E4EC054E9CDC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.19:*:*:*:*:*:*:*", matchCriteriaId: "75881EF9-571E-409B-ACA6-B74629FF432E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.20:*:*:*:*:*:*:*", matchCriteriaId: "4D9F09E3-A012-43A7-AD86-0E56F4F9810D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.21:*:*:*:*:*:*:*", matchCriteriaId: "7F886B47-11EE-4575-8AB9-AD96AF1D2571", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.22:*:*:*:*:*:*:*", matchCriteriaId: "B3071064-9366-4C0D-8F0C-EB3688A6631A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.23:*:*:*:*:*:*:*", matchCriteriaId: "264DFE33-BCBA-45A9-8225-9807AA3AC30B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.24:*:*:*:*:*:*:*", matchCriteriaId: "171FFBCB-6ECD-4355-9898-0EB76E7ABCA5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.25:*:*:*:*:*:*:*", matchCriteriaId: "10334B9D-7296-426D-9DCE-A12D42842CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.26:*:*:*:*:*:*:*", matchCriteriaId: "91CE891C-0901-4AFA-B7FD-3554EAF1B781", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.27:*:*:*:*:*:*:*", matchCriteriaId: "E001E389-CF46-4F25-825C-42D74449AEBF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.28:*:*:*:*:*:*:*", matchCriteriaId: "46BFDF57-1CF3-45FA-9989-E77D96CEE291", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.29:*:*:*:*:*:*:*", matchCriteriaId: "32051A82-BF76-439B-8D8C-B8EE5B6EAEA1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.30:*:*:*:*:*:*:*", matchCriteriaId: "5F15DE88-ED1E-48B7-A5F2-73278987B4B0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.31:*:*:*:*:*:*:*", matchCriteriaId: "AEE29E4D-65DE-4DEF-962D-2ECE5D62A846", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E78F4327-0160-467E-8C2C-BDEBB4149227", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BDD19B4F-5738-4CB1-99FC-F40FDA8388AE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B497D629-62AB-4F21-BDF4-02336A19E04C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "10E68BB2-4132-46F1-B8E9-9FA03FEB92BF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1CBA1A7-02AF-4D59-A6FF-9C52903986EE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "BEAC1912-1412-45B6-920C-A52510095977", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "59A4A5C6-8DF0-4431-BE2C-5C6815371C98", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F90908FF-0E10-4AFD-A38C-4D5E50C05FF3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "591E5985-29A1-4C06-8832-DA1587CFE101", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.", }, { lang: "es", value: "IBM Spectrum Scale 4.1.1.x en versiones anteriores a 4.1.1.8 y 4.2.x en versiones anteriores a 4.2.0.4 y General Parallel File System (GPFS) 3.5.x en versiones anteriores a 3.5.0.32 y 4.1.x en versiones anteriores a 4.1.1.8 permiten a usuarios locales obtener privilegios a través de parámetros de línea de comando manipulados a un programa setuid /usr/lpp/mmfs/bin/.", }, ], id: "CVE-2016-2984", lastModified: "2024-11-21T02:49:08.647", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-11-25T03:59:01.670", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/92410", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/92410", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-03 19:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/221012 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6579139 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/221012 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6579139 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | aix | - | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "4340DBAA-1B5A-484F-B77A-E0E9E0307614", versionEndIncluding: "5.1.3.0", versionStartIncluding: "5.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.1.0 hasta 5.1.3.0, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 221012", }, ], id: "CVE-2022-22368", lastModified: "2024-11-21T06:46:42.703", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-03T19:15:07.960", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221012", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6579139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6579139", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-03 13:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/175977 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6151701 | Mitigation, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/175977 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6151701 | Mitigation, Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "7F0CBAD4-5670-415B-8224-836022262A26", versionEndIncluding: "4.2.3.20", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "86CD0350-9000-461B-AB71-BFBA123557FD", versionEndIncluding: "5.0.4.2", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977.", }, { lang: "es", value: "IBM Spectrum Scale versiones 4.2 y 5.0, podría permitir a un atacante local sin privilegios con un conocimiento íntimo del entorno ejecutar comandos como root usando una entrada especialmente diseñada. ID de IBM X-Force: 175977.", }, ], id: "CVE-2020-4273", lastModified: "2024-11-21T05:32:30.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-03T13:15:13.263", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175977", }, { source: "psirt@us.ibm.com", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6151701", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175977", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6151701", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-19 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/179986 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6209002 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/179986 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6209002 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | aix | - | |
linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "6E1B6552-CECC-4F3A-A785-B32048798C99", versionEndIncluding: "4.2.3.21", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "A2908F78-BC39-4C1B-A83F-AFCA284F7498", versionEndIncluding: "5.0.4.3", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986.", }, { lang: "es", value: "El componente filesystem de Spectrum Scale versiones 4.2.0.0 hasta 4.2.3.21 y versiones 5.0.0.0 hasta 5.0.4.3, está afectado por una vulnerabilidad de denegación de servicio en su módulo kernel que podría permitir a un atacante causar una condición de denegación de servicio en el sistema afectado. Para explotar esta vulnerabilidad, un atacante local podría invocar un subconjunto de ioctls en el dispositivo Spectrum Scale con argumentos no válidos. Esto podría permitir a un atacante bloquear el kernel. IBM X-Force ID: 179986.", }, ], id: "CVE-2020-4411", lastModified: "2024-11-21T05:32:42.543", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-19T14:15:11.597", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179986", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6209002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179986", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6209002", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-29 01:59
Modified
2024-11-21 02:41
Severity ?
Summary
IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3412A6B4-21C3-4567-BDA4-FF3EA66ABB0D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "5D40637D-79CA-4CD3-8A0F-8573EFD51836", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "09352FA1-1E53-4DAA-8273-C39E9EC5C2C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "5C4C9F45-D5B9-477D-AC62-82586AE160FC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A78ED9BF-05B8-4F07-8D48-EBE8005A64ED", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "77DD7E7D-4989-4645-8787-6B0FC8EBA71F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "0D123D10-A15F-40A2-9BF1-53269259CD73", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "97697CA1-8158-4A3E-B9AA-2F61B527C620", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.9:*:*:*:*:*:*:*", matchCriteriaId: "43DCAC50-7374-47A4-AA3B-AA53C3256CA4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.10:*:*:*:*:*:*:*", matchCriteriaId: "3D0812E2-C758-45B2-ADCD-2D30195FCD4E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.11:*:*:*:*:*:*:*", matchCriteriaId: "8819B3D7-E048-4CFD-A036-FF81DE14CA9E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.12:*:*:*:*:*:*:*", matchCriteriaId: "61D20642-5AAB-47FE-A2BF-E820644C47B7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.13:*:*:*:*:*:*:*", matchCriteriaId: "48D1B5ED-5EFD-486D-A3C4-267516D3A782", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.14:*:*:*:*:*:*:*", matchCriteriaId: "9F0D3631-DB5F-4412-A5C4-ABDFFC7C2C99", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.15:*:*:*:*:*:*:*", matchCriteriaId: "02D54259-9F5B-4D41-9B54-B11578C4E933", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.16:*:*:*:*:*:*:*", matchCriteriaId: "92483FDC-8268-4675-B5D5-C9FF7C30A2B1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.17:*:*:*:*:*:*:*", matchCriteriaId: "EE142AE0-00FF-4DD5-946C-681369771602", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.18:*:*:*:*:*:*:*", matchCriteriaId: "764BE5C4-95AE-4CD4-8D45-E77007D6F1A1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.19:*:*:*:*:*:*:*", matchCriteriaId: "EEB0D90D-DAA1-4A04-B6EF-6ED0F232F2FA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.20:*:*:*:*:*:*:*", matchCriteriaId: "ED096F25-D7F9-469D-A991-49B5A0DA8AC6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.21:*:*:*:*:*:*:*", matchCriteriaId: "92502495-7607-4E4F-A111-43D0CB2AFD92", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.22:*:*:*:*:*:*:*", matchCriteriaId: "79BD219A-FF2D-47F1-84BF-60DCE5AB11BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.23:*:*:*:*:*:*:*", matchCriteriaId: "3D3B9C0C-C25E-4DBC-AD79-8F2378DD5F09", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.24:*:*:*:*:*:*:*", matchCriteriaId: "1008DB6C-FB3C-4DD1-B3D4-C5A2EFDF33EE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.25:*:*:*:*:*:*:*", matchCriteriaId: "0092597F-578C-40E1-ABDD-D62FB92B8198", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.26:*:*:*:*:*:*:*", matchCriteriaId: "BBD083B7-D8CA-4735-BEC0-8043C4CA15B7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.27:*:*:*:*:*:*:*", matchCriteriaId: "55502A4C-4CCC-4362-B5FA-1B604E1D22C5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.28:*:*:*:*:*:*:*", matchCriteriaId: "0321017B-34E2-4DAD-A032-25695881342A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system_storage_server:3.5.0.29:*:*:*:*:*:*:*", matchCriteriaId: "5D900767-FCB0-4850-A175-4DAA404FC7A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "18C5A85C-F932-44CF-B3EA-691737C96C52", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9385B07C-881D-4A4E-A0F5-FF1BC88F8CFF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "27319318-1C09-4CEE-BAE2-6E52C8FD8DCA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "85F22D48-CB9C-434A-AFD7-50E4E980D1DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9A55A717-5CA2-4073-80AA-16044EC23B7B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "11BAE960-B5C8-4566-8D18-B2754069C933", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command.", }, { lang: "es", value: "IBM Spectrum Scale 4.1 en versiones anteriores a 4.1.1.5 y 4.2 en versiones anteriores a 4.2.0.2 y General Parallel File System 3.5 en versiones anteriores a 3.5.0.30 permiten a usuarios locales obtener privilegios o provocar una denegación de servicio a través de un comando mmapplypolicy manipulado.", }, ], id: "CVE-2016-0263", lastModified: "2024-11-21T02:41:22.793", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-29T01:59:03.743", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005708", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/90525", }, { source: "psirt@us.ibm.com", url: "http://www.securitytracker.com/id/1036458", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005708", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/90525", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036458", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-11-25 03:59
Modified
2024-11-21 02:49
Severity ?
Summary
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2E29D816-7A73-47EA-8DE6-E553CA0D1079", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "18C5A85C-F932-44CF-B3EA-691737C96C52", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9385B07C-881D-4A4E-A0F5-FF1BC88F8CFF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "27319318-1C09-4CEE-BAE2-6E52C8FD8DCA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "85F22D48-CB9C-434A-AFD7-50E4E980D1DA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "52D0326F-B03A-4476-8E94-BC0D8ADD5321", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "564BDF5A-EAFF-47F5-A670-2019BB508DD5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "5E93E3DC-F8FA-493F-AD79-0DED309F3D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "1578B640-B312-4BE8-8036-9DCC7201B04E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9A55A717-5CA2-4073-80AA-16044EC23B7B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "11BAE960-B5C8-4566-8D18-B2754069C933", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "D788F7B7-E3F5-495D-BF0D-EB5D6A57D84F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "33B349F3-C4A5-4EDA-8579-17AF297E4BA0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89F44D96-CDE6-405D-ACDB-D1B699F3ED9B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "FC456A68-AF06-4862-A8FF-DF96A398C25B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "FC814EC9-DDBE-48AD-996F-4684348A31C6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "4D08020F-C3F5-4175-B671-73AA12E8F571", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "370EEC39-3CE4-43AD-AF18-D585D214130A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "78041991-E33E-4A0F-85A9-07ABC30253F2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DF402081-402A-4277-A83C-729DF038F25D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "2F32AE31-9C7C-4FFC-A4FB-9C6D13D02E36", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "A3F9A954-7411-4977-8735-9F61CC3F5E4C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E8638C2C-434E-4716-BB4F-F759FFFAD008", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.10:*:*:*:*:*:*:*", matchCriteriaId: "37D91B69-57BC-4011-AD90-531B52C1C23A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.11:*:*:*:*:*:*:*", matchCriteriaId: "3061EBC4-981B-4C1E-B4B6-05CE75AC835C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.12:*:*:*:*:*:*:*", matchCriteriaId: "C3C114FE-1A1A-4048-BEF9-2C8637136FFC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.13:*:*:*:*:*:*:*", matchCriteriaId: "58466B0C-9811-42CB-8062-305143F0EC85", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.14:*:*:*:*:*:*:*", matchCriteriaId: "1C1C55A6-EDA7-4039-BB9F-793C08542B19", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.15:*:*:*:*:*:*:*", matchCriteriaId: "442E3A3A-3056-4D1F-BEBD-253FC48BA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.16:*:*:*:*:*:*:*", matchCriteriaId: "3BE5DA93-B2EB-438C-B698-75E5F116C02C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.17:*:*:*:*:*:*:*", matchCriteriaId: "61A5E812-9CBD-4FD1-B4A4-8E889B333B67", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.18:*:*:*:*:*:*:*", matchCriteriaId: "DC2D24BA-6A99-4A15-A7A7-E4EC054E9CDC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.19:*:*:*:*:*:*:*", matchCriteriaId: "75881EF9-571E-409B-ACA6-B74629FF432E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.20:*:*:*:*:*:*:*", matchCriteriaId: "4D9F09E3-A012-43A7-AD86-0E56F4F9810D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.21:*:*:*:*:*:*:*", matchCriteriaId: "7F886B47-11EE-4575-8AB9-AD96AF1D2571", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.22:*:*:*:*:*:*:*", matchCriteriaId: "B3071064-9366-4C0D-8F0C-EB3688A6631A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.23:*:*:*:*:*:*:*", matchCriteriaId: "264DFE33-BCBA-45A9-8225-9807AA3AC30B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.24:*:*:*:*:*:*:*", matchCriteriaId: "171FFBCB-6ECD-4355-9898-0EB76E7ABCA5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.25:*:*:*:*:*:*:*", matchCriteriaId: "10334B9D-7296-426D-9DCE-A12D42842CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.26:*:*:*:*:*:*:*", matchCriteriaId: "91CE891C-0901-4AFA-B7FD-3554EAF1B781", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.27:*:*:*:*:*:*:*", matchCriteriaId: "E001E389-CF46-4F25-825C-42D74449AEBF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.28:*:*:*:*:*:*:*", matchCriteriaId: "46BFDF57-1CF3-45FA-9989-E77D96CEE291", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.29:*:*:*:*:*:*:*", matchCriteriaId: "32051A82-BF76-439B-8D8C-B8EE5B6EAEA1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.30:*:*:*:*:*:*:*", matchCriteriaId: "5F15DE88-ED1E-48B7-A5F2-73278987B4B0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.31:*:*:*:*:*:*:*", matchCriteriaId: "AEE29E4D-65DE-4DEF-962D-2ECE5D62A846", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E78F4327-0160-467E-8C2C-BDEBB4149227", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BDD19B4F-5738-4CB1-99FC-F40FDA8388AE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B497D629-62AB-4F21-BDF4-02336A19E04C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "10E68BB2-4132-46F1-B8E9-9FA03FEB92BF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1CBA1A7-02AF-4D59-A6FF-9C52903986EE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "BEAC1912-1412-45B6-920C-A52510095977", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "59A4A5C6-8DF0-4431-BE2C-5C6815371C98", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F90908FF-0E10-4AFD-A38C-4D5E50C05FF3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "591E5985-29A1-4C06-8832-DA1587CFE101", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.", }, { lang: "es", value: "IBM Spectrum Scale 4.1.1.x en versiones anteriores a 4.1.1.8 y 4.2.x en versiones anteriores a 4.2.0.4 y General Parallel File System (GPFS) 3.5.x en versiones anteriores a 3.5.0.32 y 4.1.x en versiones anteriores a 4.1.1.8 permiten a usuarios locales obtener privilegios a través de variables de entorno manipuladas a un programa setuid /usr/lpp/mmfs/bin/.", }, ], id: "CVE-2016-2985", lastModified: "2024-11-21T02:49:08.767", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-11-25T03:59:03.203", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/92408", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/92408", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-16 17:15
Modified
2024-11-21 06:18
Severity ?
Summary
IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/209164 | Broken Link, VDB Entry | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6516426 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/209164 | Broken Link, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6516426 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "3BF0492F-D8A9-4222-BD1E-8FA1F90D5300", versionEndIncluding: "5.1.1.1", versionStartIncluding: "5.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.1.0 a 5.1.1.1, podría permitir a un administrador con privilegios destruir los registros de auditoría del sistema de archivos antes del tiempo de caducidad. IBM X-Force ID: 209164", }, ], id: "CVE-2021-38882", lastModified: "2024-11-21T06:18:08.713", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-16T17:15:06.873", references: [ { source: "psirt@us.ibm.com", tags: [ "Broken Link", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209164", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6516426", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209164", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6516426", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-27 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/178762 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6214481 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/178762 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6214481 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "16EC9047-391F-4C49-9B11-BE69A39D10A2", versionEndIncluding: "5.0.4.4", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0.0 hasta 5.0.4.4, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista, conllevando potencialmente a una divulgación de credenciales en una sesión confiable. IBM X-Force ID: 178762.", }, ], id: "CVE-2020-4358", lastModified: "2024-11-21T05:32:38.383", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-27T14:15:11.777", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178762", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6214481", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178762", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6214481", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-13 14:29
Modified
2024-11-21 03:59
Severity ?
7.4 (High) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ssg1S1012049 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/105546 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/139240 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ssg1S1012049 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105546 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/139240 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | general_parallel_file_system | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:*:*:*:*:*:*:*:*", matchCriteriaId: "C32D85DB-9354-491F-8D25-5D142E6C3EAF", versionEndIncluding: "4.1.0.8", versionStartIncluding: "4.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "70A040E8-E448-4C24-A3CE-D9EEB520CF46", versionEndIncluding: "4.1.1.19", versionStartIncluding: "4.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "9D23238D-249E-4DE9-9AD1-561EFB0B8518", versionEndIncluding: "4.2.0.4", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "208F0B90-ABE8-40DA-8344-39C7815B3116", versionEndIncluding: "4.2.1.2", versionStartIncluding: "4.2.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "4D93CD87-07E5-4020-9383-CFE6219BD243", versionEndIncluding: "4.2.2.3", versionStartIncluding: "4.2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "DE750276-0258-460A-8689-DCCE6BC56A3C", versionEndIncluding: "4.2.3.8", versionStartIncluding: "4.2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "3F67A879-9876-4F12-99CC-0F862168F2A7", versionEndIncluding: "5.0.0.2", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.", }, { lang: "es", value: "Una vulnerabilidad en GSKit afecta a IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3 y 5.0.0 y podría permitir que un atacante local obtenga el control del demonio Spectrum Scale, acceda y modifique archivos en el sistema de archivos de Spectrum Scale y, posiblemente, obtenga privilegios de administrador en el nodo. IBM X-Force ID: 139240.", }, ], id: "CVE-2018-1431", lastModified: "2024-11-21T03:59:48.453", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-13T14:29:00.430", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012049", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105546", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139240", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1012049", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105546", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/139240", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-05 13:29
Modified
2024-11-21 04:00
Severity ?
6.2 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/105975 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/147373 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10732713 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105975 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/147373 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10732713 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "297FCD8F-C2F0-49AA-8EF1-54B905FF10EF", versionEndIncluding: "4.1.1.20", versionStartIncluding: "4.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "4D53E181-1308-459B-B8F3-FF4EAFD7ABF9", versionEndIncluding: "4.2.3.10", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "CD60DDB3-9220-4F7C-A572-85F13BDB061E", versionEndIncluding: "5.0.1.2", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.", }, { lang: "es", value: "IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 y 5.0.1.2 podría permitir que una utilidad de línea de comandos GPFS permita que un usuario autenticado sin privilegios con acceso a un nodo GPFS lea archivos arbitrarios disponibles en este nodo. IBM X-Force ID: 147373.", }, ], id: "CVE-2018-1723", lastModified: "2024-11-21T04:00:15.437", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-05T13:29:09.273", references: [ { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105975", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/147373", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10732713", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105975", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/147373", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10732713", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-09-19 15:29
Modified
2024-11-21 04:00
Severity ?
6.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/148805 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10730967 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/148805 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10730967 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | 5.0.1.0 | |
ibm | spectrum_scale | 5.0.1.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:5.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A7692AD9-DA1D-4A4C-8095-C6DA6F418594", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:5.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "492CFB22-76F8-47E1-90AD-08EDCDDAA2A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805.", }, { lang: "es", value: "IBM GPFS (IBM Spectrum Scale 5.0.1.0 y 5.0.1.1) permite que un usuario local no privilegiado provoque un pánico en el kernel en un nodo que ejecute GPFS accediendo a un archivo que está almacenado en un sistema de archivos GPFS con mmap o ejecutando un archivo manipulado en un sistema de archivos GPFS. IBM X-Force ID: 148805.", }, ], id: "CVE-2018-1782", lastModified: "2024-11-21T04:00:21.610", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2, impactScore: 4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-19T15:29:19.843", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148805", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10730967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148805", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10730967", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-10-26 02:59
Modified
2024-11-21 02:32
Severity ?
Summary
IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5:*:*:*:*:*:*:*", matchCriteriaId: "7F13ADEA-CFB7-4302-B7F2-74EF70F08FC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89F44D96-CDE6-405D-ACDB-D1B699F3ED9B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "FC814EC9-DDBE-48AD-996F-4684348A31C6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "4D08020F-C3F5-4175-B671-73AA12E8F571", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "370EEC39-3CE4-43AD-AF18-D585D214130A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DF402081-402A-4277-A83C-729DF038F25D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "2F32AE31-9C7C-4FFC-A4FB-9C6D13D02E36", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "A3F9A954-7411-4977-8735-9F61CC3F5E4C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E8638C2C-434E-4716-BB4F-F759FFFAD008", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.10:*:*:*:*:*:*:*", matchCriteriaId: "37D91B69-57BC-4011-AD90-531B52C1C23A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.11:*:*:*:*:*:*:*", matchCriteriaId: "3061EBC4-981B-4C1E-B4B6-05CE75AC835C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.12:*:*:*:*:*:*:*", matchCriteriaId: "C3C114FE-1A1A-4048-BEF9-2C8637136FFC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.13:*:*:*:*:*:*:*", matchCriteriaId: "58466B0C-9811-42CB-8062-305143F0EC85", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.14:*:*:*:*:*:*:*", matchCriteriaId: "1C1C55A6-EDA7-4039-BB9F-793C08542B19", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.15:*:*:*:*:*:*:*", matchCriteriaId: "442E3A3A-3056-4D1F-BEBD-253FC48BA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.16:*:*:*:*:*:*:*", matchCriteriaId: "3BE5DA93-B2EB-438C-B698-75E5F116C02C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.17:*:*:*:*:*:*:*", matchCriteriaId: "61A5E812-9CBD-4FD1-B4A4-8E889B333B67", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.18:*:*:*:*:*:*:*", matchCriteriaId: "DC2D24BA-6A99-4A15-A7A7-E4EC054E9CDC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.19:*:*:*:*:*:*:*", matchCriteriaId: "75881EF9-571E-409B-ACA6-B74629FF432E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.20:*:*:*:*:*:*:*", matchCriteriaId: "4D9F09E3-A012-43A7-AD86-0E56F4F9810D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.21:*:*:*:*:*:*:*", matchCriteriaId: "7F886B47-11EE-4575-8AB9-AD96AF1D2571", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.22:*:*:*:*:*:*:*", matchCriteriaId: "B3071064-9366-4C0D-8F0C-EB3688A6631A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.23:*:*:*:*:*:*:*", matchCriteriaId: "264DFE33-BCBA-45A9-8225-9807AA3AC30B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.24:*:*:*:*:*:*:*", matchCriteriaId: "171FFBCB-6ECD-4355-9898-0EB76E7ABCA5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.25:*:*:*:*:*:*:*", matchCriteriaId: "10334B9D-7296-426D-9DCE-A12D42842CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.26:*:*:*:*:*:*:*", matchCriteriaId: "91CE891C-0901-4AFA-B7FD-3554EAF1B781", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2E29D816-7A73-47EA-8DE6-E553CA0D1079", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "18C5A85C-F932-44CF-B3EA-691737C96C52", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.", }, { lang: "es", value: "IBM General Parallel File System (GPFS) 3.5.x en versiones anteriores a 3.5.0.27 y 4.1.x en versiones anteriores a 4.1.1.2 y Spectrum Scale 4.1.1.x en versiones anteriores a 4.1.1.2 permite a usuarios locales obtener privilegios de root para ejecución de comandos a través de vectores no especificados.", }, ], id: "CVE-2015-4974", lastModified: "2024-11-21T02:32:07.620", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-10-26T02:59:00.107", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/77025", }, { source: "psirt@us.ibm.com", url: "http://www.securitytracker.com/id/1035094", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/77025", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035094", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-11 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/171247 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1118937 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/171247 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1118937 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "7FAE73C3-363B-4E42-B9D9-EC62D60AF566", versionEndIncluding: "4.2.3.18", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "00449562-F755-42C4-96C9-4B43BC9F05EE", versionEndIncluding: "5.0.4.0", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.", }, { lang: "es", value: "IBM Spectrum Scale versiones 4.2 y 5.0, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista que puede conllevar a una divulgación de credenciales dentro de una sesión confiable. ID de IBM X-Force: 171247.", }, ], id: "CVE-2019-4665", lastModified: "2024-11-21T04:43:56.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-11T15:15:14.870", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/171247", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1118937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/171247", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1118937", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-09 17:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/199478 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6441429 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/199478 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6441429 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "E1047C5E-8830-460F-BE55-1623760E3470", versionEndExcluding: "5.1.0.2", versionStartIncluding: "5.1.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.", }, { lang: "es", value: "IBM Spectrum Scale versión 5.1.0.1, podría permitir a un atacante local omitir el mecanismo de registro de auditoría del sistema de archivos cuando el registro de auditoría de archivos está habilitado. IBM X-Force ID: 199478", }, ], id: "CVE-2021-29671", lastModified: "2024-11-21T06:01:37.183", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-09T17:15:16.447", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199478", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6441429", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199478", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6441429", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-27 17:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/199400 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6447107 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/199400 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6447107 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "F7B6457E-1D43-4D57-BAC0-7450122CBD2B", versionEndIncluding: "5.0.5.6", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "90440D6E-C3E8-4DFB-8ACD-CDCC6D0C96AD", versionEndIncluding: "5.1.0.2", versionStartIncluding: "5.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.6 y versiones 5.1.0 hasta 5.1.0.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista que puede conllevar a una divulgación de credenciales dentro de una sesión confiable. IBM X-Force ID: 199400", }, ], id: "CVE-2021-29666", lastModified: "2024-11-21T06:01:36.700", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-27T17:15:08.440", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199400", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6447107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199400", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6447107", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-01 17:15
Modified
2024-11-21 05:33
Severity ?
Summary
A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191599 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6560094 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191599 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6560094 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | 5.0.0 | |
ibm | spectrum_scale | 5.1.0 | |
linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "ED27FEAC-E998-4363-A972-909BA0960793", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "150FF54F-5F44-4DE9-9789-FFDA6A5238C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599.", }, { lang: "es", value: "Una vulnerabilidad de seguridad en Spectrum Scale versiones 5.0 y 5.1, permite a un usuario no root desbordar el demonio mmfsd con peticiones e impedir que el demonio atienda otras peticiones. IBM X-Force ID: 191599.", }, ], id: "CVE-2020-4925", lastModified: "2024-11-21T05:33:26.047", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-01T17:15:07.873", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191599", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6560094", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6560094", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-20 15:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/181991 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6349465 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/181991 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6349465 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "18A62C6D-4284-4589-840D-31784E43E895", versionEndIncluding: "4.2.3.22", versionStartExcluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "171E5DE9-7898-411A-A00B-88639DEC8D2E", versionEndIncluding: "5.0.5", versionStartExcluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991.", }, { lang: "es", value: "IBM Spectrum Scale versiones V4.2.0.0 hasta V4.2.3.22 y versiones V5.0.0.0 hasta V5.0.5, podría permitir a un atacante local causar una denegación de servicio al enviar una gran cantidad de peticiones RPC al demonio mmfsd que causaría el servicio se bloquee. IBM X-Force ID: 181991", }, ], id: "CVE-2020-4491", lastModified: "2024-11-21T05:32:48.283", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-20T15:15:12.997", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181991", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6349465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181991", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6349465", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-31 15:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/175419 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6114130 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/175419 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6114130 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_protect_plus | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_protect_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "E936F991-5169-4149-8D43-F07EBAE8C9C9", versionEndIncluding: "10.1.5", versionStartIncluding: "10.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "9C12F55B-2B7D-4139-8D55-D4F1CE1EC627", versionEndIncluding: "10.1.5", versionStartIncluding: "10.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419.", }, { lang: "es", value: "IBM Spectrum Scale e IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podrían permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios sobre el sistema. ID de IBM X-Force: 175419.", }, ], id: "CVE-2020-4242", lastModified: "2024-11-21T05:32:26.997", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-31T15:15:21.473", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175419", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6114130", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175419", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6114130", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-15 19:15
Modified
2024-11-21 05:33
Severity ?
5.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191695 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6960571 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191695 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6960571 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "3B403A52-D424-4736-B729-0D434895114E", versionEndExcluding: "5.1.7.0", versionStartIncluding: "5.0.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695.", }, ], id: "CVE-2020-4927", lastModified: "2024-11-21T05:33:26.303", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 4.2, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-15T19:15:24.500", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191695", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6960571", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/191695", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6960571", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-11 15:15
Modified
2024-11-21 04:44
Severity ?
Summary
IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/172093 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1118913 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/172093 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1118913 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "7FAE73C3-363B-4E42-B9D9-EC62D60AF566", versionEndIncluding: "4.2.3.18", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "00449562-F755-42C4-96C9-4B43BC9F05EE", versionEndIncluding: "5.0.4.0", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.", }, { lang: "es", value: "IBM Spectrum Scale versiones 4.2 y 5.0, podría permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios sobre el sistema. ID de IBM X-Force: 172093.", }, ], id: "CVE-2019-4715", lastModified: "2024-11-21T04:44:02.493", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-11T15:15:14.950", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172093", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1118913", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/172093", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1118913", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-27 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/178761 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6214478 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/178761 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6214478 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "16EC9047-391F-4C49-9B11-BE69A39D10A2", versionEndIncluding: "5.0.4.4", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0.0 hasta la versión 5.0.4.4, podría permitir a un atacante remoto obtener información confidencial cuando un mensaje de error técnico detallado es devuelto en el navegador. Esta información podría ser usada en nuevos ataques contra el sistema. IBM X-Force ID: 178761.", }, ], id: "CVE-2020-4357", lastModified: "2024-11-21T05:32:38.270", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-27T14:15:11.683", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178761", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6214478", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178761", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6214478", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-209", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-05 13:29
Modified
2024-11-21 04:00
Severity ?
Summary
IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/148806 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10732717 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/148806 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10732717 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "297FCD8F-C2F0-49AA-8EF1-54B905FF10EF", versionEndIncluding: "4.1.1.20", versionStartIncluding: "4.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "4D53E181-1308-459B-B8F3-FF4EAFD7ABF9", versionEndIncluding: "4.2.3.10", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "CD60DDB3-9220-4F7C-A572-85F13BDB061E", versionEndIncluding: "5.0.1.2", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.", }, { lang: "es", value: "La utilidad de línea de comandos de IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 y 5.0.1.2) podría permitir que un usuario autenticado sin privilegios con acceso a un nodo GPFS fuerce el cierre de GPFS y deniegue el acceso a los datos disponibles mediante GPFS. IBM X-Force ID: 148806.", }, ], id: "CVE-2018-1783", lastModified: "2024-11-21T04:00:21.730", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-05T13:29:09.447", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148806", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10732717", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148806", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10732717", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-27 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/179158 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6214483 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/179158 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6214483 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "16EC9047-391F-4C49-9B11-BE69A39D10A2", versionEndIncluding: "5.0.4.4", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0.0 hasta 5.0.4.4, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 179158.", }, ], id: "CVE-2020-4379", lastModified: "2024-11-21T05:32:40.257", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-27T14:15:11.950", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179158", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6214483", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179158", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6214483", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-27 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/178423 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6214482 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/178423 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6214482 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "16EC9047-391F-4C49-9B11-BE69A39D10A2", versionEndIncluding: "5.0.4.4", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0.0 hasta la versión 5.0.4.4, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 178423.", }, ], id: "CVE-2020-4349", lastModified: "2024-11-21T05:32:37.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-27T14:15:11.510", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178423", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6214482", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178423", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6214482", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-16 14:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/190974 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6430147 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/190974 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6430147 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "0516C8ED-E645-4547-A5E9-AE46FF35CE73", versionEndIncluding: "5.0.5.5", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "AF8CD452-4163-4ABF-8A73-B27C95A5B91F", versionEndIncluding: "5.1.0.2", versionStartIncluding: "5.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.5 y versiones 5.1.0 hasta 5.1.0.2, usa una configuración inadecuada de bloqueo de cuenta que podría permitir a un usuario local usar las credenciales de cuenta de la API Rest mediante fuerza bruta. IBM X-Force ID: 190974", }, ], id: "CVE-2020-4891", lastModified: "2024-11-21T05:33:22.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-16T14:15:13.300", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190974", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6430147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190974", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6430147", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-307", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-01-02 21:59
Modified
2024-11-21 02:36
Severity ?
Summary
IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | general_parallel_file_system | 3.5 | |
ibm | spectrum_scale | 4.1.1.0 | |
ibm | spectrum_scale | 4.1.1.1 | |
ibm | spectrum_scale | 4.1.1.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5:*:*:*:*:*:*:*", matchCriteriaId: "7F13ADEA-CFB7-4302-B7F2-74EF70F08FC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2E29D816-7A73-47EA-8DE6-E553CA0D1079", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "18C5A85C-F932-44CF-B3EA-691737C96C52", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9385B07C-881D-4A4E-A0F5-FF1BC88F8CFF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.", }, { lang: "es", value: "IBM Spectrum Scale 4.1.1.x en versiones anteriores a 4.1.1.3 y General Parallel File System (GPFS) 3.5.x en versiones anteriores a 3.5.0.29 y 4.1.x hasta la versión 4.1.0.8 en AIX permite a usuarios locales provocar una denegación de servicio (referencia a puntero incorrecta y caída de nodo) a través de vectores no especificados.", }, ], id: "CVE-2015-7403", lastModified: "2024-11-21T02:36:43.880", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-01-02T21:59:04.453", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005452", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/79805", }, { source: "psirt@us.ibm.com", url: "http://www.securitytracker.com/id/1035094", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005452", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/79805", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035094", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-02 17:29
Modified
2024-11-21 03:22
Severity ?
4.0 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ssg1S1010869 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securitytracker.com/id/1040747 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/133378 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ssg1S1010869 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040747 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/133378 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | 5.0.0.0 | |
ibm | general_parallel_file_system | 4.1.0.0 | |
ibm | general_parallel_file_system | 4.1.0.1 | |
ibm | general_parallel_file_system | 4.1.0.2 | |
ibm | general_parallel_file_system | 4.1.0.3 | |
ibm | general_parallel_file_system | 4.1.0.4 | |
ibm | general_parallel_file_system | 4.1.0.5 | |
ibm | general_parallel_file_system | 4.1.0.6 | |
ibm | general_parallel_file_system | 4.1.0.7 | |
ibm | general_parallel_file_system | 4.1.0.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "FFC783AA-F7AA-40A1-8277-214F0D8B118A", versionEndIncluding: "4.1.1.18", versionStartIncluding: "4.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "9D23238D-249E-4DE9-9AD1-561EFB0B8518", versionEndIncluding: "4.2.0.4", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "208F0B90-ABE8-40DA-8344-39C7815B3116", versionEndIncluding: "4.2.1.2", versionStartIncluding: "4.2.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "4D93CD87-07E5-4020-9383-CFE6219BD243", versionEndIncluding: "4.2.2.3", versionStartIncluding: "4.2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "6305DEAF-8694-4BCD-8974-A5270268DC79", versionEndIncluding: "4.2.3.6", versionStartIncluding: "4.2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:5.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "86C6E40C-8563-438B-AA6A-1C716B6FF1D9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E78F4327-0160-467E-8C2C-BDEBB4149227", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BDD19B4F-5738-4CB1-99FC-F40FDA8388AE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B497D629-62AB-4F21-BDF4-02336A19E04C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "10E68BB2-4132-46F1-B8E9-9FA03FEB92BF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1CBA1A7-02AF-4D59-A6FF-9C52903986EE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "BEAC1912-1412-45B6-920C-A52510095977", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "59A4A5C6-8DF0-4431-BE2C-5C6815371C98", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F90908FF-0E10-4AFD-A38C-4D5E50C05FF3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "591E5985-29A1-4C06-8832-DA1587CFE101", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.", }, { lang: "es", value: "IBM Spectrum Scale 4.1.1 y 4.2.0 - 4.2.3 podría permitir que un usuario local sin privilegios acceda a información situada en archivos de volcado. Los datos de usuario podrían enviarse a IBM durante las interacciones del servicio. IBM X-Force ID: 133378.", }, ], id: "CVE-2017-1654", lastModified: "2024-11-21T03:22:10.793", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-02T17:29:00.217", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1010869", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040747", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/133378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ibm.com/support/docview.wss?uid=ssg1S1010869", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040747", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/133378", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-20 15:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/188599 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6349469 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6349475 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/188599 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6349469 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6349475 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | elastic_storage_server | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:elastic_storage_server:*:*:*:*:*:*:*:*", matchCriteriaId: "7BD0011A-C59C-4198-8911-75935E19AAD8", versionEndIncluding: "6.0.1.0", versionStartIncluding: "6.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "F4783CE3-5B22-4575-BDBA-727D6CD36BF7", versionEndIncluding: "4.2.3.23", versionStartExcluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "5B5265F0-2EAF-42DC-840A-F1F6CE464511", versionEndIncluding: "5.0.5.2", versionStartExcluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599.", }, { lang: "es", value: "IBM Spectrum Scale versiones V4.2.0.0 hasta V4.2.3.23 y versiones V5.0.0.0 hasta V5.0.5.2, así como IBM Elastic Storage System versiones 6.0.0 hasta 6.0.1.0, podrían permitir que un atacante local invoque un subconjunto de ioctls en el dispositivo con argumentos no válidos que podrían bloquear el keneral y causar una denegación de servicio. IBM X-Force ID: 188599", }, ], id: "CVE-2020-4756", lastModified: "2024-11-21T05:33:12.337", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-20T15:15:13.357", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188599", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6349469", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6349475", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6349469", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6349475", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-404", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-31 13:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/181992 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6324249 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/181992 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6324249 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "6E1B6552-CECC-4F3A-A785-B32048798C99", versionEndIncluding: "4.2.3.21", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "A2908F78-BC39-4C1B-A83F-AFCA284F7498", versionEndIncluding: "5.0.4.3", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.", }, { lang: "es", value: "IBM Spectrum Scale versiones V5.0.0.0 hasta V5.0.4.3 y versiones V4.2.0.0 hasta V4.2.3.21, podría permitir a un atacante local causar una denegación de servicio bloqueando el kernel por medio del envío de un subconjunto de ioctls sobre el dispositivo con argumentos no válidos. IBM X-Force ID: 181992", }, ], id: "CVE-2020-4492", lastModified: "2024-11-21T05:32:48.393", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-31T13:15:10.997", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181992", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6324249", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/181992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6324249", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-88", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-14 01:15
Modified
2024-11-21 07:27
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/239080 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://https://www.ibm.com/support/pages/node/7094941 | Broken Link | |
nvd@nist.gov | https://www.ibm.com/support/pages/node/7094941 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/239080 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://https://www.ibm.com/support/pages/node/7094941 | Broken Link |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | 5.1.5.0 | |
ibm | spectrum_scale | 5.1.5.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:5.1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "D316671F-A7DC-44EA-A075-9976F5B91C2F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:5.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "767AB3CF-B1A9-4AFE-93C2-028212F9FBB0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.", }, { lang: "es", value: "IBM Spectrum Scale 5.1.5.0 a 5.1.5.1 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 239080.", }, ], id: "CVE-2022-43843", lastModified: "2024-11-21T07:27:16.070", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-14T01:15:07.453", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239080", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "https://https://www.ibm.com/support/pages/node/7094941", }, { source: "nvd@nist.gov", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7094941", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239080", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://https://www.ibm.com/support/pages/node/7094941", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-20 15:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/188595 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6349449 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/188595 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6349449 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "5B5265F0-2EAF-42DC-840A-F1F6CE464511", versionEndIncluding: "5.0.5.2", versionStartExcluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando a una divulgación de credenciales dentro de una sesión confiable. IBM X-Force ID: 188595", }, ], id: "CVE-2020-4755", lastModified: "2024-11-21T05:33:12.230", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-20T15:15:13.293", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188595", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6349449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/188595", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6349449", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-10-26 02:59
Modified
2024-11-21 02:32
Severity ?
Summary
IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5:*:*:*:*:*:*:*", matchCriteriaId: "7F13ADEA-CFB7-4302-B7F2-74EF70F08FC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89F44D96-CDE6-405D-ACDB-D1B699F3ED9B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "FC814EC9-DDBE-48AD-996F-4684348A31C6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "4D08020F-C3F5-4175-B671-73AA12E8F571", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "370EEC39-3CE4-43AD-AF18-D585D214130A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DF402081-402A-4277-A83C-729DF038F25D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "2F32AE31-9C7C-4FFC-A4FB-9C6D13D02E36", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "A3F9A954-7411-4977-8735-9F61CC3F5E4C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E8638C2C-434E-4716-BB4F-F759FFFAD008", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.10:*:*:*:*:*:*:*", matchCriteriaId: "37D91B69-57BC-4011-AD90-531B52C1C23A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.11:*:*:*:*:*:*:*", matchCriteriaId: "3061EBC4-981B-4C1E-B4B6-05CE75AC835C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.12:*:*:*:*:*:*:*", matchCriteriaId: "C3C114FE-1A1A-4048-BEF9-2C8637136FFC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.13:*:*:*:*:*:*:*", matchCriteriaId: "58466B0C-9811-42CB-8062-305143F0EC85", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.14:*:*:*:*:*:*:*", matchCriteriaId: "1C1C55A6-EDA7-4039-BB9F-793C08542B19", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.15:*:*:*:*:*:*:*", matchCriteriaId: "442E3A3A-3056-4D1F-BEBD-253FC48BA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.16:*:*:*:*:*:*:*", matchCriteriaId: "3BE5DA93-B2EB-438C-B698-75E5F116C02C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.17:*:*:*:*:*:*:*", matchCriteriaId: "61A5E812-9CBD-4FD1-B4A4-8E889B333B67", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.18:*:*:*:*:*:*:*", matchCriteriaId: "DC2D24BA-6A99-4A15-A7A7-E4EC054E9CDC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.19:*:*:*:*:*:*:*", matchCriteriaId: "75881EF9-571E-409B-ACA6-B74629FF432E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.20:*:*:*:*:*:*:*", matchCriteriaId: "4D9F09E3-A012-43A7-AD86-0E56F4F9810D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.21:*:*:*:*:*:*:*", matchCriteriaId: "7F886B47-11EE-4575-8AB9-AD96AF1D2571", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.22:*:*:*:*:*:*:*", matchCriteriaId: "B3071064-9366-4C0D-8F0C-EB3688A6631A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.23:*:*:*:*:*:*:*", matchCriteriaId: "264DFE33-BCBA-45A9-8225-9807AA3AC30B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.24:*:*:*:*:*:*:*", matchCriteriaId: "171FFBCB-6ECD-4355-9898-0EB76E7ABCA5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.25:*:*:*:*:*:*:*", matchCriteriaId: "10334B9D-7296-426D-9DCE-A12D42842CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.26:*:*:*:*:*:*:*", matchCriteriaId: "91CE891C-0901-4AFA-B7FD-3554EAF1B781", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2E29D816-7A73-47EA-8DE6-E553CA0D1079", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "18C5A85C-F932-44CF-B3EA-691737C96C52", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors.", }, { lang: "es", value: "IBM General Parallel File System (GPFS) 3.5.x en versiones anteriores a 3.5.0.27 y 4.1.x en versiones anteriores a 4.1.1.2 y Spectrum Scale 4.1.1.x en versiones anteriores a 4.1.1.2 permite a usuarios locales obtener información sensible desde la memoria del sistema a través de vectores no especificados.", }, ], id: "CVE-2015-4981", lastModified: "2024-11-21T02:32:07.857", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-10-26T02:59:01.607", references: [ { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, { source: "psirt@us.ibm.com", url: "http://www.securityfocus.com/bid/77027", }, { source: "psirt@us.ibm.com", url: "http://www.securitytracker.com/id/1035094", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/77027", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035094", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-09 15:15
Modified
2024-11-21 05:32
Severity ?
Summary
The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/175067 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/5693463 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/175067 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/5693463 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "C90B2B8A-9B43-4261-BF1A-8E3E2776444E", versionEndIncluding: "4.2.3.19", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "86CD0350-9000-461B-AB71-BFBA123557FD", versionEndIncluding: "5.0.4.2", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067.", }, { lang: "es", value: "El componente file system de IBM Spectrum Scale versiones 4.2 y 5.0, esta afectado por una vulnerabilidad de seguridad de denegación de servicio. Un atacante puede obligar a los demonios mmfsd/mmsdrserv de Spectrum Scale a salir inesperadamente, afectando la funcionalidad del clúster de Spectrum Scale y la disponibilidad de los sistemas de archivos administrados por Spectrum Scale. ID de IBM X-Force: 175067.", }, ], id: "CVE-2020-4217", lastModified: "2024-11-21T05:32:24.990", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-09T15:15:11.927", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175067", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/5693463", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/5693463", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-754", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-27 17:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/192541 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6447077 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/192541 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6447077 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "3A5DA305-B5D3-4A29-9BA7-EB75944DFA00", versionEndIncluding: "5.1.0.3", versionStartIncluding: "5.0.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.4.1 hasta 5.1.0.3, podría permitir a un usuario privilegiado local sobrescribir archivos debido a una comprobación inapropiada de entrada. IBM X-Force ID: 192541", }, ], id: "CVE-2020-4981", lastModified: "2024-11-21T05:33:30.427", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-27T17:15:08.147", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/192541", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6447077", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/192541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6447077", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-09 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/166282 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1073732 | Mitigation, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/166282 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1073732 | Mitigation, Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "1C736EB2-FF09-4B40-8750-C4030EFF7814", versionEndIncluding: "4.2.3.17", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "C053F91F-29C6-4EE5-8AF8-6C518179F373", versionEndIncluding: "5.0.3.2", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad de seguridad en todos los niveles de IBM Spectrum Scale versiones V5.0.0.0 hasta V5.0.3.2 e IBM Spectrum Scale versiones V4.2.0.0 hasta V4.2.3.17, lo que podría permitir a un atacante local obtener privilegios de root mediante la inyección de parámetros en archivos setuid.", }, ], id: "CVE-2019-4558", lastModified: "2024-11-21T04:43:44.063", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-09T16:15:16.373", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166282", }, { source: "psirt@us.ibm.com", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1073732", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/166282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/1073732", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-25 17:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force ID: 200883.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/200883 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6455629 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/200883 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6455629 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | 5.1.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:5.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0EA0A98D-1DC4-40B6-8182-3DF4F4952122", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. IBM X-Force ID: 200883.", }, { lang: "es", value: "IBM Spectrum Scale versión 5.1.0.1, podría permitir que un local con acceso al contenedor de pod de la GUI obtener claves criptográficas confidenciales que podrían permitirle elevar sus privilegios. IBM X-Force ID: 200883", }, ], id: "CVE-2021-29708", lastModified: "2024-11-21T06:01:40.637", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-25T17:15:08.257", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/200883", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6455629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/200883", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6455629", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-16 14:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/190450 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6405774 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/190450 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6405774 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "CAB48209-C042-4741-BE1D-6F01E314D86F", versionEndExcluding: "5.0.5.5", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "5BFF7810-82BD-42BD-A79B-7ED540A3EEC4", versionEndExcluding: "5.1.0.2", versionStartIncluding: "5.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.5 y versiones 5.1.0 hasta 5.1.0.2, podría permitir a un usuario local envenenar unos archivos de registro que podrían afectar los esfuerzos de soporte y desarrollo. IBM X-Force ID: 190450", }, ], id: "CVE-2020-4851", lastModified: "2024-11-21T05:33:19.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-16T14:15:13.037", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190450", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6405774", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190450", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6405774", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-27 17:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/199403 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6447107 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/199403 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6447107 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "F7B6457E-1D43-4D57-BAC0-7450122CBD2B", versionEndIncluding: "5.0.5.6", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "90440D6E-C3E8-4DFB-8ACD-CDCC6D0C96AD", versionEndIncluding: "5.1.0.2", versionStartIncluding: "5.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.6 y versiones 5.1.0 hasta 5.1.0.2, es potencialmente vulnerable a una inyección de CSV. Un atacante remoto podría ejecutar comandos arbitrarios en el sistema, causados por una comprobación inapropiada del contenido del archivo csv. IBM X-Force ID: 199403", }, ], id: "CVE-2021-29667", lastModified: "2024-11-21T06:01:36.813", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-27T17:15:08.477", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199403", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6447107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6447107", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1236", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-27 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/178424 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6214480 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/178424 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6214480 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "16EC9047-391F-4C49-9B11-BE69A39D10A2", versionEndIncluding: "5.0.4.4", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424.", }, { lang: "es", value: "IBM Spectrum Scale versiones 5.0.0.0 hasta 5.0.4.4, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 178424.", }, ], id: "CVE-2020-4350", lastModified: "2024-11-21T05:32:37.687", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-27T14:15:11.607", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178424", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6214480", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178424", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6214480", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-12 04:15
Modified
2024-11-21 07:27
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/239539 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6909465 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6909469 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/239539 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6909465 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6909469 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | elastic_storage_system | * | |
ibm | elastic_storage_system | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
linux | linux_kernel | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*", matchCriteriaId: "22383BE4-63D9-45A9-AB42-385679696151", versionEndIncluding: "6.1.2.4", versionStartIncluding: "6.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*", matchCriteriaId: "FB3E2306-8554-497C-B037-B35392FCA0C5", versionEndIncluding: "6.1.4.1", versionStartIncluding: "6.1.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "4D157B98-8F4F-4D11-9382-8FC2274F6D10", versionEndIncluding: "5.1.2.8", versionStartIncluding: "5.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "459806A7-15A1-418B-BAB6-9440B92D9B3B", versionEndIncluding: "5.1.5.1", versionStartIncluding: "5.1.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539.", }, ], id: "CVE-2022-43869", lastModified: "2024-11-21T07:27:18.187", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-12T04:15:16.123", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239539", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6909465", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6909469", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6909465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6909469", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-134", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-01-01 11:59
Modified
2024-11-21 02:36
Severity ?
Summary
IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | 4.1.1.0 | |
ibm | spectrum_scale | 4.1.1.1 | |
ibm | spectrum_scale | 4.1.1.2 | |
ibm | spectrum_scale | 4.2.2.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2E29D816-7A73-47EA-8DE6-E553CA0D1079", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "18C5A85C-F932-44CF-B3EA-691737C96C52", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9385B07C-881D-4A4E-A0F5-FF1BC88F8CFF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:4.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "6E32967B-9D22-4120-8C58-FCCC2ECC424F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.", }, { lang: "es", value: "IBM Spectrum Scale 4.1.1 en versiones anteriores a 4.1.1.4 y 4.2.0.0, permite a usuarios remotos autenticados descubrir almacenamiento de objetos de contraseñas de admin a través de vectores no especificados.", }, ], id: "CVE-2015-7456", lastModified: "2024-11-21T02:36:49.453", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-01-01T11:59:01.097", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005476", }, { source: "psirt@us.ibm.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV79381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005476", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IV79381", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-27 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/178414 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6213739 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/178414 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6213739 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "6E1B6552-CECC-4F3A-A785-B32048798C99", versionEndIncluding: "4.2.3.21", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "16EC9047-391F-4C49-9B11-BE69A39D10A2", versionEndIncluding: "5.0.4.4", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414", }, { lang: "es", value: "IBM Spectrum Scale versiones 4.2.0.0 hasta 4.2.3.21 y versiones 5.0.0.0 hasta 5.0.4.4, podría permitir a un usuario autentificado de la Interfaz de Usuario Gráfica llevar a cabo acciones no autorizadas debido a una falta de control de acceso de nivel función. IBM X-Force ID: 178414", }, ], id: "CVE-2020-4348", lastModified: "2024-11-21T05:32:37.457", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-27T14:15:11.417", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178414", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6213739", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/178414", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6213739", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-31 15:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/175418 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6114130 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/175418 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6114130 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_protect_plus | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_protect_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "E936F991-5169-4149-8D43-F07EBAE8C9C9", versionEndIncluding: "10.1.5", versionStartIncluding: "10.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "9C12F55B-2B7D-4139-8D55-D4F1CE1EC627", versionEndIncluding: "10.1.5", versionStartIncluding: "10.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418.", }, { lang: "es", value: "IBM Spectrum Scale e IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podrían permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios sobre el sistema. ID de IBM X-Force: 175418.", }, ], id: "CVE-2020-4241", lastModified: "2024-11-21T05:32:26.877", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-31T15:15:21.253", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175418", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6114130", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/175418", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6114130", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-13 16:29
Modified
2024-11-21 04:43
Severity ?
Summary
A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/160011 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10883568 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/160011 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10883568 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * | |
ibm | spectrum_scale | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "85B0AD9C-560E-415E-A3AA-5B7AF4722B17", versionEndIncluding: "4.1.1.22", versionStartIncluding: "4.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "F9F52758-B2D5-48F3-B8F6-03971CA0E834", versionEndIncluding: "4.2.3.13", versionStartIncluding: "4.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", matchCriteriaId: "5CEC5147-C051-4BEB-B8E7-FC4B27D045F7", versionEndIncluding: "5.0.2.3", versionStartIncluding: "5.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad de seguridad en IBM Spectrum Scale versiones 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.2, 4.2.3 y 5.0.0 con la pila CES habilitada que podría permitir incluir datos sensibles en las instantáneas de servicio. IBM X-Force ID: 160011.", }, ], id: "CVE-2019-4259", lastModified: "2024-11-21T04:43:23.380", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-13T16:29:01.290", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160011", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10883568", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/160011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10883568", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }