CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43843 – IBM Spectrum Scale information disclosure
https://notcve.org/view.php?id=CVE-2022-43843
14 Dec 2023 — IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080. IBM Spectrum Scale 5.1.5.0 a 5.1.5.1 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 239080. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239080 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43831 – IBM Spectrum Scale privilege escalation
https://notcve.org/view.php?id=CVE-2022-43831
31 Jul 2023 — IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941. IBM Storage Scale Container Native Storage Access de la versión 5.1.2.1 a la versión 5.1.6.1 podría permitir a un usuario local obtener privilegios escalados en un host sin la configuración de contexto de seguridad adecuada. ID de IBM X-Force: 238941. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238941 •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-30434 – IBM Storage Scale denial of service
https://notcve.org/view.php?id=CVE-2023-30434
05 May 2023 — IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252187 • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41736 – IBM Spectrum Scale Container Native Storage Access privilege escalation
https://notcve.org/view.php?id=CVE-2022-41736
29 Apr 2023 — IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810. • https://exchange.xforce.ibmcloud.com/vulnerabilities/237810 •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41739 – IBM Spectrum Scale privilege escalation
https://notcve.org/view.php?id=CVE-2022-41739
26 Apr 2023 — IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815. • https://exchange.xforce.ibmcloud.com/vulnerabilities/237815 •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4927 – IBM Spectrum Scale information disclosure
https://notcve.org/view.php?id=CVE-2020-4927
15 Mar 2023 — A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191695 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-43869 – IBM Spectrum Scale denial of service
https://notcve.org/view.php?id=CVE-2022-43869
08 Feb 2023 — IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239539 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40607 – IBM Spectrum Scale directory traversal
https://notcve.org/view.php?id=CVE-2022-40607
19 Dec 2022 — IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740. IBM Spectrum Scale 5.1 podría permitir a los usuarios con permisos para crear pods, volúmenes persistentes y reclamaciones de volumen persistentes acceder a archivos y directorios fuera del volumen, incluso en el sistema de archivos del host. ID de IBM X-Force: 235740. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235740 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43867 – IBM Spectrum Scale command execution
https://notcve.org/view.php?id=CVE-2022-43867
06 Dec 2022 — IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437. IBM Spectrum Scale v5.1.0.1 a v5.1.4.1 podría permitir que un atacante local ejecute comandos arbitrarios en el contenedor. ID de IBM X-Force: 239437. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239437 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22411
https://notcve.org/view.php?id=CVE-2022-22411
10 Aug 2022 — IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016. IBM Spectrum Scale Data Access Services (DAS) versión 5.1.3.1, podría permitir a un usuario autenticado insertar código que podría permitir al atacante manipular los recursos del clúster debido a un exceso de permisos. IBM X-Force ID: 223016 • https://exchange.xforce.ibmcloud.com/vulnerabilities/223016 • CWE-732: Incorrect Permission Assignment for Critical Resource •