CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4756
https://notcve.org/view.php?id=CVE-2020-4756
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599. IBM Spectrum Scale versiones V4.2.0.0 hasta V4.2.3.23 y versiones V5.0.0.0 hasta V5.0.5.2, así como IBM Elastic Storage System versiones 6.0.0 hasta 6.0.1.0, podrían permitir que un atacante local invoque un subconjunto de ioctls en el dispositivo con argumentos no válidos que podrían bloquear el keneral y causar una denegación de servicio. IBM X-Force ID: 188599 • https://exchange.xforce.ibmcloud.com/vulnerabilities/188599 https://www.ibm.com/support/pages/node/6349469 https://www.ibm.com/support/pages/node/6349475 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4755
https://notcve.org/view.php?id=CVE-2020-4755
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595. IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/188595 https://www.ibm.com/support/pages/node/6349449 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4749
https://notcve.org/view.php?id=CVE-2020-4749
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518. IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.2 no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/188518 https://www.ibm.com/support/pages/node/6349449 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4748
https://notcve.org/view.php?id=CVE-2020-4748
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517. IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/188517 https://www.ibm.com/support/pages/node/6349449 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4491
https://notcve.org/view.php?id=CVE-2020-4491
IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991. IBM Spectrum Scale versiones V4.2.0.0 hasta V4.2.3.22 y versiones V5.0.0.0 hasta V5.0.5, podría permitir a un atacante local causar una denegación de servicio al enviar una gran cantidad de peticiones RPC al demonio mmfsd que causaría el servicio se bloquee. IBM X-Force ID: 181991 • https://exchange.xforce.ibmcloud.com/vulnerabilities/181991 https://www.ibm.com/support/pages/node/6349465 •