Vulnerabilities > IBM > Spectrum Scale > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-16 | CVE-2020-4851 | Injection vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. | 5.5 |
| 2020-10-20 | CVE-2020-4756 | Improper Resource Shutdown or Release vulnerability in IBM Elastic Storage Server and Spectrum Scale IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. | 5.5 |
| 2020-10-20 | CVE-2020-4755 | Cross-site Scripting vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. | 5.4 |
| 2020-10-20 | CVE-2020-4749 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2020-10-20 | CVE-2020-4748 | Cross-site Scripting vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. | 6.1 |
| 2020-10-20 | CVE-2020-4491 | Unspecified vulnerability in IBM Spectrum Scale IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. | 5.5 |
| 2020-08-31 | CVE-2020-4492 | Argument Injection or Modification vulnerability in IBM Spectrum Scale IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. | 5.5 |
| 2020-05-27 | CVE-2020-4378 | Unspecified vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. | 4.9 |
| 2020-05-27 | CVE-2020-4358 | Cross-site Scripting vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. | 5.4 |
| 2020-05-27 | CVE-2020-4357 | Information Exposure Through an Error Message vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |