CVE-2022-43873 – IBM Spectrum Virtualize privilege escalation
https://notcve.org/view.php?id=CVE-2022-43873
An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239847 https://www.ibm.com/support/pages/node/6858047 •
CVE-2022-43870 – IBM Spectrum Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2022-43870
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239540 https://www.ibm.com/support/pages/node/6858045 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-39167 – IBM Spectrum Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2022-39167
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408. IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2 y 7.8, bajo ciertas configuraciones, podría revelar información confidencial a un atacante que utilice técnicas de intermediario. ID de IBM X-Force: 235408. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235408 https://www.ibm.com/support/pages/node/6622025 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-38969
https://notcve.org/view.php?id=CVE-2021-38969
IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609. IBM Spectrum Virtualize versiones 8.2, 8.3 y 8.4, podría permitir a un atacante el acceso no autorizado debido a un reúso de credenciales generadas por el soporte. IBM X-Force ID: 212609 • https://exchange.xforce.ibmcloud.com/vulnerabilities/212609 https://www.ibm.com/support/pages/node/6584337 • CWE-798: Use of Hard-coded Credentials •
CVE-2021-29873
https://notcve.org/view.php?id=CVE-2021-29873
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229. IBM Flash System 900 podría permitir a un atacante autenticado conseguir información confidencial y causar una denegación de servicio debido a una vulnerabilidad de escape de shell restringido. IBM X-Force ID: 206229 • https://exchange.xforce.ibmcloud.com/vulnerabilities/206229 https://www.ibm.com/support/pages/node/6497111 https://www.ibm.com/support/pages/node/6507091 •