CVE-2024-13058 – Authenticated, non-admin users can create storage pools via the sifi API
https://notcve.org/view.php?id=CVE-2024-13058
30 Dec 2024 — An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared), software versions 2.3.0 to before 2.5.0. • https://advisories.softiron.cloud • CWE-269: Improper Privilege Management • CWE-400: Uncontrolled Resource Consumption
CVE-2023-45085 – When compute hosts are disabled and reenabled, they immediately transition to "ON", not "INIT"
https://notcve.org/view.php?id=CVE-2023-45085
05 Dec 2023 — An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3. • https://advisories.softiron.cloud • CWE-665: Improper Initialization • CWE-1419: Incorrect Initialization of Resource
CVE-2023-45084 – Media caddy removal and reinsertion without reboot may cause data loss
https://notcve.org/view.php?id=CVE-2023-45084
05 Dec 2023 — An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3. • https://advisories.softiron.cloud • CWE-662: Improper Synchronization • CWE-820: Missing Synchronization
CVE-2023-45083 – HyperCloud: "admin" and "serveradmin" users can be deleted
https://notcve.org/view.php?id=CVE-2023-45083
05 Dec 2023 — An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1. • https://advisories.softiron.cloud • CWE-269: Improper Privilege Management