VYPR

Spectrum Virtualize

by IBM

CVEs (16)

  • CVE-2023-25681Mar 5, 2024
    IBM
    Spectrum Virtualize
    risk 0.00cvss epss 0.00

    LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single…

  • CVE-2023-27870May 11, 2023
    IBM
    Spectrum Virtualize
    risk 0.00cvss epss 0.00

    IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518.

  • CVE-2022-43873Feb 22, 2023
    IBM
    Spectrum Virtualize
    risk 0.00cvss epss 0.01

    An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847.

  • CVE-2022-43870Feb 22, 2023
    IBM
    Spectrum Virtualize
    risk 0.00cvss epss 0.00

    IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.

  • CVE-2022-39167Jan 19, 2023
    IBM
    Spectrum Virtualize
    risk 0.00cvss epss 0.00

    IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408.

  • CVE-2021-38969May 11, 2022
    IBM
    Spectrum Virtualize
    risk 0.00cvss epss 0.00

    IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609.

  • CVE-2021-29873Oct 21, 2021
    IBM
    Storwize V7000
    risk 0.00cvss epss 0.00

    IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.

  • CVE-2020-4686Aug 17, 2020
    IBM
    Spectrum Virtualize
    risk 0.00cvss epss 0.00

    IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.

  • CVE-2018-1775Feb 27, 2019
    IBM
    Storwize
    risk 0.00cvss epss 0.00

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.

  • CVE-2018-1464May 17, 2018
    IBM
    Storwize
    risk 0.00cvss epss 0.00

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not…

  • CVE-2018-1434May 17, 2018
    IBM
    Storwize
    risk 0.00cvss epss 0.00

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute…

  • CVE-2018-1465May 17, 2018
    IBM
    Storwize
    risk 0.00cvss epss 0.00

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make…

  • CVE-2018-1462May 17, 2018
    IBM
    Storwize
    risk 0.00cvss epss 0.00

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access…

  • CVE-2018-1466May 17, 2018
    IBM
    Storwize
    risk 0.00cvss epss 0.00

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to…

  • CVE-2018-1463May 17, 2018
    IBM
    Storwize
    risk 0.00cvss epss 0.00

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access…

  • CVE-2018-1461May 17, 2018
    IBM
    Storwize
    risk 0.00cvss epss 0.00

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed…