Page 6 of 38 results (0.004 seconds)

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986. El componente filesystem de Spectrum Scale versiones 4.2.0.0 hasta 4.2.3.21 y versiones 5.0.0.0 hasta 5.0.4.3, está afectado por una vulnerabilidad de denegación de servicio en su módulo kernel que podría permitir a un atacante causar una condición de denegación de servicio en el sistema afectado. • https://exchange.xforce.ibmcloud.com/vulnerabilities/179986 https://www.ibm.com/support/pages/node/6209002 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977. IBM Spectrum Scale versiones 4.2 y 5.0, podría permitir a un atacante local sin privilegios con un conocimiento íntimo del entorno ejecutar comandos como root usando una entrada especialmente diseñada. ID de IBM X-Force: 175977. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175977 https://www.ibm.com/support/pages/node/6151701 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067. El componente file system de IBM Spectrum Scale versiones 4.2 y 5.0, esta afectado por una vulnerabilidad de seguridad de denegación de servicio. Un atacante puede obligar a los demonios mmfsd/mmsdrserv de Spectrum Scale a salir inesperadamente, afectando la funcionalidad del clúster de Spectrum Scale y la disponibilidad de los sistemas de archivos administrados por Spectrum Scale. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175067 https://www.ibm.com/support/pages/node/5693463 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093. IBM Spectrum Scale versiones 4.2 y 5.0, podría permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172093 https://www.ibm.com/support/pages/node/1118913 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247. IBM Spectrum Scale versiones 4.2 y 5.0, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista que puede conllevar a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/171247 https://www.ibm.com/support/pages/node/1118937 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •