CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4293
https://notcve.org/view.php?id=CVE-2019-4293
20 May 2019 — IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system. IBM X-Force ID: 160699. La configuración de IBM Storwize V7000 Unified (2073) 1.6 puede permitir que un atacante revele la versión del servidor en la instalación predeterminada, que podría usarse en futuros ataques contra el sistema. ID de IBM X-Force: 160699. • http://www.securityfocus.com/bid/108445 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1467 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1467
14 May 2018 — The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398. La interfaz de gestión web en IBM Storwize V7000 Unified 1.6 expone detalles internos del clúster a usuarios no autenticados. IBM X-Force ID: 140398. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • https://packetstorm.news/files/id/147601 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1375
https://notcve.org/view.php?id=CVE-2017-1375
24 Oct 2017 — IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126868. IBM System Storage Storwize V7000 Unified (V7000U) 1.5 y 1.6 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 126868. • http://www.ibm.com/support/docview.wss?uid=ssg1S1010657 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-3077
https://notcve.org/view.php?id=CVE-2014-3077
15 Sep 2014 — IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file. IBM SONAS y System Storage Storwize V7000 Unified (también conocido como V7000U) 1.3.x y 1.4.x anterior a 1.4.3.4 almacena la contraseña chkauth en el registro de auditoría, lo que permite a usuarios locales obtener información sensible mediante la lectura del registro. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004837 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2014-3043
https://notcve.org/view.php?id=CVE-2014-3043
19 Jul 2014 — IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account. IBM Storwize V7000 Unified 1.3.x y 1.4.x anterior a 1.4.3.3 permite a usuarios remotos autenticados ganar privilegios mediante el aprovechamiento del acceso a la cuenta de servicio. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004811 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 16EXPL: 0CVE-2014-0875
https://notcve.org/view.php?id=CVE-2014-0875
07 Jul 2014 — Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions. Active Cloud Engine (ACE) en IBM Storwize V7000 Unified 1.3.0.0 hasta 1.4.3.x permite a atacantes remotos evadir las restricciones ACL en circunstancias oportunistas mediante el aprovechamiento de la sincronización ACL incorrecta so... • http://www.ibm.com/support/docview.wss?uid=ssg1S1004738 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2013-6737
https://notcve.org/view.php?id=CVE-2013-6737
21 Jun 2014 — IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied. IBM System Storage Storwize V7000 Unified 1.3.x y 1.4.x anterior a 1.4.3.0 no restringe debidamente el contenido de un fichero de volcado cuando encuentra un fallo de hardware 1691, lo que permite a usuarios remotos aut... • http://www.ibm.com/support/docview.wss?uid=ssg1S1004676 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2013-5376
https://notcve.org/view.php?id=CVE-2013-5376
17 Oct 2013 — Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user. Vulnerabilidad XSS en IBM Storwize V7000 Unified 1.3.x y 1.4.x anterior a la versión 1.4.2.0 permite a usuarios remotos sin autenticar inyectar script web arbitrario o HTML a través de vectores sin especificar, relacionados con un ataqu... • http://www.ibm.com/support/docview.wss?uid=ssg1S1004452 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0500
https://notcve.org/view.php?id=CVE-2013-0500
17 Oct 2013 — IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation. IBM Storwize V7000 Unificado 1.3.xy 1.4.x con versiones anteriores a la 1.4.2.0 no trata correctamente los archivos del dispositivo que s... • http://www.ibm.com/support/docview.wss?uid=ssg1S1004430 • CWE-20: Improper Input Validation •