CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25681 – IBM Spectrum Virtualize security bypass
https://notcve.org/view.php?id=CVE-2023-25681
05 Mar 2024 — LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033. Los usuarios de LDAP en IBM Spectrum Virtualize 8.5 que están configurados para requerir autenticación multifactor aún pueden autenticarse en la interfaz CIM utilizando solo el nombre de usuario y la contr... • https://exchange.xforce.ibmcloud.com/vulnerabilities/247033 • CWE-308: Use of Single-factor Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27870 – IBM Spectrum Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2023-27870
11 May 2023 — IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249518 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43873 – IBM Spectrum Virtualize privilege escalation
https://notcve.org/view.php?id=CVE-2022-43873
22 Feb 2023 — An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239847 •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43870 – IBM Spectrum Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2022-43870
22 Feb 2023 — IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239540 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2022-39167 – IBM Spectrum Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2022-39167
19 Jan 2023 — IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408. IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2 y 7.8, bajo ciertas configuraciones, podría revelar información confidencial a un atacante que utilice técnicas de intermediario. ID de IBM X-Force: 235408. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235408 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •