CVE-2021-29873
https://notcve.org/view.php?id=CVE-2021-29873
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229. IBM Flash System 900 podría permitir a un atacante autenticado conseguir información confidencial y causar una denegación de servicio debido a una vulnerabilidad de escape de shell restringido. IBM X-Force ID: 206229 • https://exchange.xforce.ibmcloud.com/vulnerabilities/206229 https://www.ibm.com/support/pages/node/6497111 https://www.ibm.com/support/pages/node/6507091 •
CVE-2020-4686
https://notcve.org/view.php?id=CVE-2020-4686
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678. IBM Spectrum Virtualize versión 8.3.1, podría permitir a un usuario autenticado remoto por medio de LDAP escalar sus privilegios y realizar acciones a las que no debería tener acceso. IBM X-Force ID: 186678. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186678 https://www.ibm.com/support/pages/node/6260199 •
CVE-2019-4293
https://notcve.org/view.php?id=CVE-2019-4293
IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system. IBM X-Force ID: 160699. La configuración de IBM Storwize V7000 Unified (2073) 1.6 puede permitir que un atacante revele la versión del servidor en la instalación predeterminada, que podría usarse en futuros ataques contra el sistema. ID de IBM X-Force: 160699. • http://www.securityfocus.com/bid/108445 https://exchange.xforce.ibmcloud.com/vulnerabilities/160699 https://www.ibm.com/support/docview.wss?uid=ibm10884656 •
CVE-2018-1775
https://notcve.org/view.php?id=CVE-2018-1775
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757. Los productos de IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize y IBM FlashSystem, en sus versiones desde la 7.5 hasta la 8.2, podrían permitir a un atacante autenticado descargar archivos arbitrarios desde el sistema operativo. IBM X-Force ID: 148757. • http://www.securityfocus.com/bid/107187 https://exchange.xforce.ibmcloud.com/vulnerabilities/148757 https://www.ibm.com/support/docview.wss?uid=ibm10872486 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-1467 – IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-1467
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398. La interfaz de gestión web en IBM Storwize V7000 Unified 1.6 expone detalles internos del clúster a usuarios no autenticados. IBM X-Force ID: 140398. Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. • http://www.ibm.com/support/docview.wss?uid=ssg1S1012293 http://www.securityfocus.com/bid/104290 https://exchange.xforce.ibmcloud.com/vulnerabilities/140398 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •