Vulnerabilities > IBM > Spectrum Virtualize > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-02-22 CVE-2022-43870 Unspecified vulnerability in IBM Spectrum Virtualize 8.3.0.0/8.4.0.0/8.5.0.0
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files.
network
low complexity
ibm
6.5
2023-01-19 CVE-2022-39167 Unspecified vulnerability in IBM Spectrum Virtualize
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques.
network
high complexity
ibm
5.9
2018-05-17 CVE-2018-1466 Inadequate Encryption Strength vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
high complexity
ibm CWE-326
5.3
2018-05-17 CVE-2018-1465 Information Exposure vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible.
network
high complexity
ibm CWE-200
5.3
2018-05-17 CVE-2018-1464 Information Exposure vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read.
network
low complexity
ibm CWE-200
6.5
2018-05-17 CVE-2018-1463 Incorrect Authorization vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials.
network
low complexity
ibm CWE-863
6.5
2018-05-17 CVE-2018-1461 Cross-site Scripting vulnerability in IBM products
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4