CVSS: 9.0EPSS: 11%CPEs: 2EXPL: 0CVE-2020-4241 – IBM Spectrum Protect Plus uploadHttpsCertificate Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4241
31 Mar 2020 — IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. IBM Spectrum Scale e IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podrían permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de u... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175418 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 3%CPEs: 2EXPL: 0CVE-2020-4242 – IBM Spectrum Protect Plus uploadLdapCertificate Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4242
31 Mar 2020 — IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419. IBM Spectrum Scale e IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podrían permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de u... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175419 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4217
https://notcve.org/view.php?id=CVE-2020-4217
09 Mar 2020 — The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067. El componente file system de IBM Spectrum Scale versiones 4.2 y 5.0, esta afectado por una vulnerabilidad de seguridad de denegación de servicio. Un atacante puede... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175067 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 9.0EPSS: 12%CPEs: 2EXPL: 0CVE-2019-4715
https://notcve.org/view.php?id=CVE-2019-4715
11 Dec 2019 — IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093. IBM Spectrum Scale versiones 4.2 y 5.0, podría permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de una petición especialmente diseñada, un atacante podría explotar esta vulnerabil... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172093 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4665
https://notcve.org/view.php?id=CVE-2019-4665
11 Dec 2019 — IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247. IBM Spectrum Scale versiones 4.2 y 5.0, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funci... • https://exchange.xforce.ibmcloud.com/vulnerabilities/171247 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4558
https://notcve.org/view.php?id=CVE-2019-4558
09 Oct 2019 — A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files. Se ha identificado una vulnerabilidad de seguridad en todos los niveles de IBM Spectrum Scale versiones V5.0.0.0 hasta V5.0.3.2 e IBM Spectrum Scale versiones V4.2.0.0 hasta V4.2.3.17, lo que podría permitir a un atacante local obtener privilegios de ro... • https://exchange.xforce.ibmcloud.com/vulnerabilities/166282 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4259
https://notcve.org/view.php?id=CVE-2019-4259
13 May 2019 — A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011. Se ha identificado una vulnerabilidad de seguridad en IBM Spectrum Scale versiones 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.2, 4.2.3 y 5.0.0 con la pila CES habilitada que podría permitir incluir datos sensibles en las instantáneas de servicio. IBM X-Force ID: 160011. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160011 •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1993
https://notcve.org/view.php?id=CVE-2018-1993
08 Jan 2019 — IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440. La habilitación del uso de la caché local de solo lectura (también conocida como Local Read Only Cache, LROC) en las versiones 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3 y 5.0.0 de IBM Spectrum Scale (GPFS) podría causar una operación de lectura en un archivo para devolver datos de un archivo d... • http://www.securityfocus.com/bid/106485 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1723
https://notcve.org/view.php?id=CVE-2018-1723
05 Oct 2018 — IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373. IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 y 5.0.1.2 podría permitir que una utilidad de línea de comandos GPFS permita que un usuario autenticado sin privilegios con acceso a un nodo GPFS lea archivos arbitrarios disponibles en este nodo. IBM X-Force ID: 147373. • http://www.securityfocus.com/bid/105975 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1783
https://notcve.org/view.php?id=CVE-2018-1783
05 Oct 2018 — IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806. La utilidad de línea de comandos de IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 y 5.0.1.2) podría permitir que un usuario autenticado sin privilegios con acceso a un nodo GPFS fuerce el cierre de GPFS y de... • https://exchange.xforce.ibmcloud.com/vulnerabilities/148806 •