Vulnerabilities > IBM > Spectrum Scale
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-25 | CVE-2021-29708 | Unspecified vulnerability in IBM Spectrum Scale 5.1.0.1 IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges. | 4.6 |
| 2021-04-27 | CVE-2020-4981 | Improper Input Validation vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. | 3.6 |
| 2021-04-09 | CVE-2021-29671 | Unspecified vulnerability in IBM Spectrum Scale 5.1.0.1 IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. local ibm | 1.9 |
| 2021-03-16 | CVE-2020-4891 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. | 2.1 |
| 2021-03-16 | CVE-2020-4890 | Unspecified vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. | 2.1 |
| 2021-03-16 | CVE-2020-4851 | Injection vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. | 2.1 |
| 2021-01-26 | CVE-2020-4889 | Unspecified vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. | 2.1 |
| 2020-10-20 | CVE-2020-4756 | Improper Resource Shutdown or Release vulnerability in IBM Elastic Storage Server and Spectrum Scale IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. | 4.9 |
| 2020-10-20 | CVE-2020-4755 | Cross-site Scripting vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. | 3.5 |
| 2020-10-20 | CVE-2020-4749 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |