
CVE-2023-25681 – IBM Spectrum Virtualize security bypass
https://notcve.org/view.php?id=CVE-2023-25681
05 Mar 2024 — LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247033 • CWE-308: Use of Single-factor Authentication •

CVE-2023-27870 – IBM Spectrum Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2023-27870
11 May 2023 — IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249518 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-203: Observable Discrepancy •

CVE-2022-43873 – IBM Spectrum Virtualize privilege escalation
https://notcve.org/view.php?id=CVE-2022-43873
22 Feb 2023 — An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239847 •

CVE-2022-43870 – IBM Spectrum Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2022-43870
22 Feb 2023 — IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239540 • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2022-39167 – IBM Spectrum Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2022-39167
19 Jan 2023 — IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235408 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2021-38969
https://notcve.org/view.php?id=CVE-2021-38969
11 May 2022 — IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to gain unauthorized access due to the reuse of support-generated credentials. IBM X-Force ID: 212609. • https://exchange.xforce.ibmcloud.com/vulnerabilities/212609 • CWE-798: Use of Hard-coded Credentials •

CVE-2021-29873
https://notcve.org/view.php?id=CVE-2021-29873
21 Oct 2021 — IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229. • https://exchange.xforce.ibmcloud.com/vulnerabilities/206229 •

CVE-2020-4686
https://notcve.org/view.php?id=CVE-2020-4686
17 Aug 2020 — IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186678 •

CVE-2018-1775
https://notcve.org/view.php?id=CVE-2018-1775
27 Feb 2019 — IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757. • http://www.securityfocus.com/bid/107187 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2018-1433 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1433
14 May 2018 — IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473. • https://packetstorm.news/files/id/147601 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •