Page 3 of 39 results (0.001 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450. IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.5 y versiones 5.1.0 hasta 5.1.0.2, podría permitir a un usuario local envenenar unos archivos de registro que podrían afectar los esfuerzos de soporte y desarrollo. IBM X-Force ID: 190450 • https://exchange.xforce.ibmcloud.com/vulnerabilities/190450 https://www.ibm.com/support/pages/node/6405774 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0

IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971. IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.4 y versión 5.1.0, podría permitir a un usuario local envenene los archivos de registro que podrían afectar los esfuerzos de soporte y desarrollo. IBM X-Force ID: 190971 • https://exchange.xforce.ibmcloud.com/vulnerabilities/190971 https://www.ibm.com/support/pages/node/6405776 •

CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0

IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599. IBM Spectrum Scale versiones V4.2.0.0 hasta V4.2.3.23 y versiones V5.0.0.0 hasta V5.0.5.2, así como IBM Elastic Storage System versiones 6.0.0 hasta 6.0.1.0, podrían permitir que un atacante local invoque un subconjunto de ioctls en el dispositivo con argumentos no válidos que podrían bloquear el keneral y causar una denegación de servicio. IBM X-Force ID: 188599 • https://exchange.xforce.ibmcloud.com/vulnerabilities/188599 https://www.ibm.com/support/pages/node/6349469 https://www.ibm.com/support/pages/node/6349475 • CWE-404: Improper Resource Shutdown or Release •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595. IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/188595 https://www.ibm.com/support/pages/node/6349449 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518. IBM Spectrum Scale versiones 5.0.0 hasta 5.0.5.2 no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/188518 https://www.ibm.com/support/pages/node/6349449 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •