Vulnerabilities > IBM > Spectrum Scale > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-05 CVE-2023-30434 Improper Input Validation vulnerability in IBM Elastic Storage System and Spectrum Scale
IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic.
local
low complexity
ibm CWE-20
5.5
2023-02-12 CVE-2022-43869 Use of Externally-Controlled Format String vulnerability in IBM Elastic Storage System and Spectrum Scale
IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack.
network
low complexity
ibm CWE-134
6.5
2022-12-19 CVE-2022-40607 Path Traversal vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.1 could allow users with permissions to create pods, persistent volumes and persistent volume claims to access files and directories outside of the volume, including on the host filesystem.
network
low complexity
ibm CWE-22
6.8
2022-03-01 CVE-2020-4925 Unspecified vulnerability in IBM Spectrum Scale 5.0.0/5.1.0
A security vulnerability in Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests, preventing the daemon from servicing other requests.
local
low complexity
ibm
5.5
2021-11-16 CVE-2021-38882 Unspecified vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time.
local
low complexity
ibm
4.4
2021-05-25 CVE-2021-29708 Unspecified vulnerability in IBM Spectrum Scale 5.1.0.1
IBM Spectrum Scale 5.1.0.1 could allow a local user with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges.
local
low complexity
ibm
6.7
2021-04-27 CVE-2021-29666 Cross-site Scripting vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2021-04-27 CVE-2020-4981 Improper Input Validation vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation.
local
low complexity
ibm CWE-20
6.0
2021-03-16 CVE-2020-4891 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user to brute force REST API account credentials.
local
low complexity
ibm CWE-307
5.5
2021-03-16 CVE-2020-4890 Unspecified vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absent rate limiting.
local
low complexity
ibm
4.4