Vulnerabilities > IBM > Spectrum Scale > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-05 CVE-2023-30434 Unspecified vulnerability in IBM Elastic Storage System and Spectrum Scale
IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic.
local
low complexity
ibm
5.5
2023-02-12 CVE-2022-43869 Unspecified vulnerability in IBM Elastic Storage System and Spectrum Scale
IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack.
network
low complexity
ibm
6.5
2022-12-19 CVE-2022-40607 Path Traversal vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem.
network
low complexity
ibm CWE-22
6.8
2022-03-01 CVE-2020-4925 Unspecified vulnerability in IBM Spectrum Scale 5.0.0/5.1.0
A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests.
local
low complexity
ibm
5.5
2021-11-16 CVE-2021-38882 Unspecified vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time.
local
low complexity
ibm
4.4
2021-05-25 CVE-2021-29708 Unspecified vulnerability in IBM Spectrum Scale 5.1.0.1
IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that could allow them to elevate their privileges.
local
low complexity
ibm
6.7
2021-04-27 CVE-2021-29666 Cross-site Scripting vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2021-04-27 CVE-2020-4981 Improper Input Validation vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation.
local
low complexity
ibm CWE-20
6.0
2021-03-16 CVE-2020-4891 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials.
local
low complexity
ibm CWE-307
5.5
2021-03-16 CVE-2020-4890 Unspecified vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting.
local
low complexity
ibm
4.4