Vulnerabilities > IBM > Spectrum Scale > 4.1.1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-19 | CVE-2022-40607 | Path Traversal vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. | 6.8 |
| 2022-05-24 | CVE-2020-4926 | Missing Authorization vulnerability in IBM Elastic Storage System and Spectrum Scale A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. | 6.4 |
| 2019-05-13 | CVE-2019-4259 | Unspecified vulnerability in IBM Spectrum Scale A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. | 5.5 |
| 2019-01-08 | CVE-2018-1993 | Information Exposure vulnerability in IBM Spectrum Scale IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. | 2.1 |
| 2018-10-05 | CVE-2018-1783 | Unspecified vulnerability in IBM Spectrum Scale IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. | 2.1 |
| 2018-10-05 | CVE-2018-1723 | Information Exposure vulnerability in IBM Spectrum Scale IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. | 2.1 |
| 2018-06-13 | CVE-2018-1431 | Unspecified vulnerability in IBM General Parallel File System and Spectrum Scale A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. | 4.6 |
| 2018-03-02 | CVE-2017-1654 | Information Exposure vulnerability in IBM General Parallel File System and Spectrum Scale IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. | 2.1 |
| 2017-02-01 | CVE-2016-6115 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM General Parallel File System and Spectrum Scale IBM General Parallel File System is vulnerable to a buffer overflow. | 9.0 |
| 2016-11-25 | CVE-2016-2985 | Permissions, Privileges, and Access Controls vulnerability in IBM General Parallel File System and Spectrum Scale IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program. | 6.9 |