CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25681 – IBM Spectrum Virtualize security bypass
https://notcve.org/view.php?id=CVE-2023-25681
LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033. Los usuarios de LDAP en IBM Spectrum Virtualize 8.5 que están configurados para requerir autenticación multifactor aún pueden autenticarse en la interfaz CIM utilizando solo el nombre de usuario y la contraseña. Esto no afecta a los usuarios locales con MFA configurado ni a los usuarios remotos que se autentican mediante el inicio de sesión único. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247033 https://www.ibm.com/support/pages/node/6962203 • CWE-308: Use of Single-factor Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27870 – IBM Spectrum Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2023-27870
IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249518 https://www.ibm.com/support/pages/node/6985697 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43873 – IBM Spectrum Virtualize privilege escalation
https://notcve.org/view.php?id=CVE-2022-43873
An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239847 https://www.ibm.com/support/pages/node/6858047 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43870 – IBM Spectrum Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2022-43870
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239540 https://www.ibm.com/support/pages/node/6858045 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2022-39167 – IBM Spectrum Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2022-39167
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408. IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2 y 7.8, bajo ciertas configuraciones, podría revelar información confidencial a un atacante que utilice técnicas de intermediario. ID de IBM X-Force: 235408. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235408 https://www.ibm.com/support/pages/node/6622025 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •