Vulnerabilities > IBM > Spectrum Scale > 4.2.0.0

DATE CVE VULNERABILITY TITLE RISK
2022-12-19 CVE-2022-40607 Path Traversal vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem.
network
low complexity
ibm CWE-22
6.8
2022-05-24 CVE-2020-4926 Missing Authorization vulnerability in IBM Elastic Storage System and Spectrum Scale
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol.
network
low complexity
ibm CWE-862
6.4
2020-08-31 CVE-2020-4492 Argument Injection or Modification vulnerability in IBM Spectrum Scale
IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments.
local
low complexity
ibm CWE-88
2.1
2020-05-27 CVE-2020-4348 Incorrect Authorization vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control.
network
low complexity
ibm CWE-863
4.0
2020-05-19 CVE-2020-4412 Unspecified vulnerability in IBM Spectrum Scale
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability.
network
low complexity
ibm
5.0
2020-05-19 CVE-2020-4411 Improper Input Validation vulnerability in IBM Spectrum Scale
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system.
local
low complexity
ibm CWE-20
4.9
2020-04-03 CVE-2020-4273 Improper Privilege Management vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input.
local
ibm CWE-269
6.9
2020-03-09 CVE-2020-4217 Improper Check for Unusual or Exceptional Conditions vulnerability in IBM Spectrum Scale
The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability.
network
low complexity
ibm CWE-754
5.0
2019-12-11 CVE-2019-4715 Improper Input Validation vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm CWE-20
critical
9.0
2019-12-11 CVE-2019-4665 Cross-site Scripting vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5