Vulnerabilities > IBM > Spectrum Virtualize

DATE CVE VULNERABILITY TITLE RISK
2023-05-11 CVE-2023-27870 Information Exposure vulnerability in IBM Spectrum Virtualize 8.5
IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress.
network
low complexity
ibm CWE-200
7.5
2023-02-22 CVE-2022-43870 Information Exposure Through Log Files vulnerability in IBM Spectrum Virtualize 8.3.0.0/8.4.0.0/8.5.0.0
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files.
network
low complexity
ibm CWE-532
6.5
2023-02-22 CVE-2022-43873 Unspecified vulnerability in IBM Spectrum Virtualize
An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system.
network
low complexity
ibm
8.8
2023-01-19 CVE-2022-39167 Unspecified vulnerability in IBM Spectrum Virtualize
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques.
network
high complexity
ibm
5.9
2022-05-11 CVE-2021-38969 Use of Hard-coded Credentials vulnerability in IBM Spectrum Virtualize 8.2.0.0/8.3.0.0/8.4.0.0
IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials.
network
low complexity
ibm CWE-798
5.0
2021-10-21 CVE-2021-29873 Unspecified vulnerability in IBM products
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability.
network
low complexity
ibm
5.5
2020-08-17 CVE-2020-4686 Improper Privilege Management vulnerability in IBM products
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to.
network
low complexity
ibm CWE-269
5.5
2018-05-17 CVE-2018-1466 Inadequate Encryption Strength vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
ibm CWE-326
3.5
2018-05-17 CVE-2018-1465 Information Exposure vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible.
network
ibm CWE-200
3.5
2018-05-17 CVE-2018-1464 Information Exposure vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read.
network
low complexity
ibm CWE-200
4.0