CVE-2024-31891 – IBM Storage Scale privilege escalation
https://notcve.org/view.php?id=CVE-2024-31891
14 Dec 2024 — IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system. • https://www.ibm.com/support/pages/node/7178098 • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-31892 – IBM Storage Scale SQL injection
https://notcve.org/view.php?id=CVE-2024-31892
14 Dec 2024 — IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements. • https://www.ibm.com/support/pages/node/7178098 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-38002 – IBM Storage Scale session fixation
https://notcve.org/view.php?id=CVE-2023-38002
30 Apr 2024 — IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260208 • CWE-384: Session Fixation •
CVE-2022-41737 – IBM Spectrum Scale security bypass
https://notcve.org/view.php?id=CVE-2022-41737
17 Feb 2024 — IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow a local attacker to initiate connections from a container outside the current namespace. IBM X-Force ID: 237811. • https://exchange.xforce.ibmcloud.com/vulnerabilities/237811 • CWE-287: Improper Authentication •
CVE-2022-41738 – IBM Spectrum Scale security bypass
https://notcve.org/view.php?id=CVE-2022-41738
17 Feb 2024 — IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. IBM X-Force ID: 237812. • https://exchange.xforce.ibmcloud.com/vulnerabilities/237812 • CWE-287: Improper Authentication •
CVE-2022-43831 – IBM Spectrum Scale privilege escalation
https://notcve.org/view.php?id=CVE-2022-43831
31 Jul 2023 — IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238941 •
CVE-2023-30434 – IBM Storage Scale denial of service
https://notcve.org/view.php?id=CVE-2023-30434
05 May 2023 — IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252187 • CWE-20: Improper Input Validation •
CVE-2022-41736 – IBM Spectrum Scale Container Native Storage Access privilege escalation
https://notcve.org/view.php?id=CVE-2022-41736
29 Apr 2023 — IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810. • https://exchange.xforce.ibmcloud.com/vulnerabilities/237810 •
CVE-2022-41739 – IBM Spectrum Scale privilege escalation
https://notcve.org/view.php?id=CVE-2022-41739
26 Apr 2023 — IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome the isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815. • https://exchange.xforce.ibmcloud.com/vulnerabilities/237815 •
CVE-2022-43869 – IBM Spectrum Scale denial of service
https://notcve.org/view.php?id=CVE-2022-43869
08 Feb 2023 — IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239539 • CWE-134: Use of Externally-Controlled Format String •