VYPR

Storage Scale

by IBM

CVEs (7)

  • CVE-2024-31891HigDec 14, 2024
    risk 0.51cvss 7.8epss 0.00

    IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system.

  • CVE-2025-1137HigMay 10, 2025
    risk 0.49cvss 7.5epss 0.00

    IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization.

  • CVE-2024-31892HigDec 14, 2024
    risk 0.49cvss 7.5epss 0.00

    IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.

  • CVE-2025-36104MedJul 12, 2025
    risk 0.42cvss 6.5epss 0.00

    IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol.

  • CVE-2023-30434MedMay 5, 2023
    risk 0.40cvss 6.2epss 0.00

    IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.

  • CVE-2023-38002MedApr 30, 2024
    risk 0.33cvss 5.0epss 0.00

    IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.

  • CVE-2025-14604Mar 3, 2026
    risk 0.00cvss epss 0.00

    IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors.