6 results (0.007 seconds)

CVSS: 2.1EPSS: 0%CPEs: 11EXPL: 0

IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file. IBM SONAS y System Storage Storwize V7000 Unified (también conocido como V7000U) 1.3.x y 1.4.x anterior a 1.4.3.4 almacena la contraseña chkauth en el registro de auditoría, lo que permite a usuarios locales obtener información sensible mediante la lectura del registro. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004837 https://exchange.xforce.ibmcloud.com/vulnerabilities/93906 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0

IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account. IBM Storwize V7000 Unified 1.3.x y 1.4.x anterior a 1.4.3.3 permite a usuarios remotos autenticados ganar privilegios mediante el aprovechamiento del acceso a la cuenta de servicio. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004811 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 16EXPL: 0

Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions. Active Cloud Engine (ACE) en IBM Storwize V7000 Unified 1.3.0.0 hasta 1.4.3.x permite a atacantes remotos evadir las restricciones ACL en circunstancias oportunistas mediante el aprovechamiento de la sincronización ACL incorrecta sobre una conexión NFS no fiable que requiere retransmisiones. • http://www.ibm.com/support/docview.wss?uid=ssg1S1004738 http://www.securityfocus.com/bid/68398 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 0%CPEs: 13EXPL: 0

IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied. IBM System Storage Storwize V7000 Unified 1.3.x y 1.4.x anterior a 1.4.3.0 no restringe debidamente el contenido de un fichero de volcado cuando encuentra un fallo de hardware 1691, lo que permite a usuarios remotos autenticados obtener información sensible de fragmentos de datos de clientes mediante la lectura este fichero después de que esté copiado. • http://www.ibm.com/support/docview.wss?uid=ssg1S1004676 http://www.securityfocus.com/bid/68133 https://exchange.xforce.ibmcloud.com/vulnerabilities/89782 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user. Vulnerabilidad XSS en IBM Storwize V7000 Unified 1.3.x y 1.4.x anterior a la versión 1.4.2.0 permite a usuarios remotos sin autenticar inyectar script web arbitrario o HTML a través de vectores sin especificar, relacionados con un ataque "cross frame scripting" contra un usuario administrativo. • http://www.ibm.com/support/docview.wss?uid=ssg1S1004452 https://exchange.xforce.ibmcloud.com/vulnerabilities/86902 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •