Vulnerabilities > IBM > Spectrum Virtualize > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-11 CVE-2023-27870 Unspecified vulnerability in IBM Spectrum Virtualize 8.5
IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress.
network
low complexity
ibm
7.5
2023-02-22 CVE-2022-43873 Unspecified vulnerability in IBM Spectrum Virtualize
An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system.
network
low complexity
ibm
8.8
2021-10-21 CVE-2021-29873 Unspecified vulnerability in IBM products
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability.
network
low complexity
ibm
8.1
2020-08-17 CVE-2020-4686 Unspecified vulnerability in IBM products
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to.
network
low complexity
ibm
8.1
2018-05-17 CVE-2018-1462 Incorrect Authorization vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service.
network
low complexity
ibm CWE-863
7.6
2018-05-17 CVE-2018-1438 Information Exposure vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system.
network
low complexity
ibm CWE-200
7.5
2018-05-17 CVE-2018-1434 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2018-05-17 CVE-2018-1433 Information Exposure vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system.
network
low complexity
ibm CWE-200
7.5