Spectrum Scale
by IBM
CVEs (63)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7430 | Hig | 0.55 | 8.4 | 0.01 | Jan 2, 2016 | The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors. | ||
| CVE-2018-1431 | Hig | 0.48 | 7.4 | 0.00 | Jun 13, 2018 | A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator… | ||
| CVE-2016-6115 | Hig | 0.47 | 7.2 | 0.04 | Feb 1, 2017 | IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash. | ||
| CVE-2016-2985 | Hig | 0.46 | 7.0 | 0.00 | Nov 25, 2016 | IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program. | ||
| CVE-2016-2984 | Hig | 0.46 | 7.0 | 0.00 | Nov 25, 2016 | IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program. | ||
| CVE-2016-0263 | Hig | 0.46 | 7.0 | 0.00 | Jun 29, 2016 | IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command. | ||
| CVE-2018-1782 | Med | 0.42 | 6.5 | 0.00 | Sep 19, 2018 | IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID:… | ||
| CVE-2015-7456 | Med | 0.42 | 6.5 | 0.01 | Jan 1, 2016 | IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors. | ||
| CVE-2018-1723 | Med | 0.40 | 6.2 | 0.00 | Oct 5, 2018 | IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373. | ||
| CVE-2017-1304 | Med | 0.40 | 6.2 | 0.00 | Jun 21, 2017 | IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to… | ||
| CVE-2015-7488 | Med | 0.38 | 5.9 | 0.00 | Jan 27, 2016 | IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors. | ||
| CVE-2017-1654 | Med | 0.26 | 4.0 | 0.00 | Mar 2, 2018 | IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378. | ||
| CVE-2015-7403 | Med | 0.26 | 4.0 | 0.00 | Jan 2, 2016 | IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors. | ||
| CVE-2020-4241 | 0.01 | — | 0.66 | Mar 31, 2020 | IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on… | |||
| CVE-2022-43843 | 0.00 | — | 0.00 | Dec 14, 2023 | IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080. | |||
| CVE-2023-30434 | 0.00 | — | 0.00 | May 5, 2023 | IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. | |||
| CVE-2022-41739 | 0.00 | — | 0.00 | Apr 26, 2023 | IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID:… | |||
| CVE-2020-4927 | 0.00 | — | 0.00 | Mar 15, 2023 | A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695. | |||
| CVE-2022-43869 | 0.00 | — | 0.01 | Feb 8, 2023 | IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force… | |||
| CVE-2022-40607 | 0.00 | — | 0.01 | Dec 19, 2022 | IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740. |
- risk 0.55cvss 8.4epss 0.01
The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors.
- risk 0.48cvss 7.4epss 0.00
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator…
- risk 0.47cvss 7.2epss 0.04
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.
- risk 0.46cvss 7.0epss 0.00
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.
- risk 0.46cvss 7.0epss 0.00
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.
- risk 0.46cvss 7.0epss 0.00
IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command.
- risk 0.42cvss 6.5epss 0.00
IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID:…
- risk 0.42cvss 6.5epss 0.01
IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.
- risk 0.40cvss 6.2epss 0.00
IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.
- risk 0.40cvss 6.2epss 0.00
IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to…
- risk 0.38cvss 5.9epss 0.00
IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.
- risk 0.26cvss 4.0epss 0.00
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.
- risk 0.26cvss 4.0epss 0.00
IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.
- CVE-2020-4241Mar 31, 2020risk 0.01cvss —epss 0.66
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on…
- CVE-2022-43843Dec 14, 2023risk 0.00cvss —epss 0.00
IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.
- CVE-2023-30434May 5, 2023risk 0.00cvss —epss 0.00
IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.
- CVE-2022-41739Apr 26, 2023risk 0.00cvss —epss 0.00
IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID:…
- CVE-2020-4927Mar 15, 2023risk 0.00cvss —epss 0.00
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695.
- CVE-2022-43869Feb 8, 2023risk 0.00cvss —epss 0.01
IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force…
- CVE-2022-40607Dec 19, 2022risk 0.00cvss —epss 0.01
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.
Page 1 of 4