CVE-2021-29873
https://notcve.org/view.php?id=CVE-2021-29873
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229. IBM Flash System 900 podría permitir a un atacante autenticado conseguir información confidencial y causar una denegación de servicio debido a una vulnerabilidad de escape de shell restringido. IBM X-Force ID: 206229 • https://exchange.xforce.ibmcloud.com/vulnerabilities/206229 https://www.ibm.com/support/pages/node/6497111 https://www.ibm.com/support/pages/node/6507091 •
CVE-2020-4686
https://notcve.org/view.php?id=CVE-2020-4686
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678. IBM Spectrum Virtualize versión 8.3.1, podría permitir a un usuario autenticado remoto por medio de LDAP escalar sus privilegios y realizar acciones a las que no debería tener acceso. IBM X-Force ID: 186678. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186678 https://www.ibm.com/support/pages/node/6260199 •
CVE-2018-1466 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1466
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397. Los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1) emplean algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 140397. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/140397 • CWE-326: Inadequate Encryption Strength •
CVE-2018-1433 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1433
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473. En los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1), web handler /DownloadFile no requiere autenticación para leer archivos arbitrarios del sistema. IBM X-Force ID: 139473. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/139473 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-1438 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1438
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566. En los productos IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize e IBM FlashSystem ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1 y 8.1.1), web handler /DLSnap podría permitir que un atacante no autenticado lea archivos arbitrarios del sistema. IBM X-Force ID: 139566. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012263 http://www.ibm.com/support/docview.wss?uid=ssg1S1012282 http://www.ibm.com/support/docview.wss?uid=ssg1S1012283 http://www.securityfocus.com/bid/104349 https://exchange.xforce.ibmcloud.com/vulnerabilities/139566 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •