Ibm

Spectrum Virtualize

17 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-25681

  • EPSS 0.04%
  • Published 05.03.2024 20:16:00
  • Last modified 04.03.2025 12:25:10

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users au...

5.9

CVE-2023-27870

  • EPSS 0.06%
  • Published 11.05.2023 20:15:09
  • Last modified 24.01.2025 17:15:11

IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518.

8.8

CVE-2022-43873

  • EPSS 0.08%
  • Published 22.02.2023 18:15:10
  • Last modified 21.11.2024 07:27:18

An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847.

6.5

CVE-2022-43870

  • EPSS 0.06%
  • Published 22.02.2023 18:15:10
  • Last modified 21.11.2024 07:27:18

IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.

5.9

CVE-2022-39167

  • EPSS 0.05%
  • Published 19.01.2023 17:15:11
  • Last modified 21.11.2024 07:17:42

IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408.

9.8

CVE-2021-38969

  • EPSS 0.19%
  • Published 11.05.2022 16:15:08
  • Last modified 21.11.2024 06:18:19

IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609.

8.1

CVE-2021-29873

  • EPSS 0.43%
  • Published 21.10.2021 17:15:07
  • Last modified 21.11.2024 06:01:57

IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.

8.1

CVE-2020-4686

  • EPSS 0.2%
  • Published 17.08.2020 13:15:12
  • Last modified 21.11.2024 05:33:07

IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.

5.3

CVE-2018-1466

  • EPSS 0.12%
  • Published 17.05.2018 21:29:00
  • Last modified 21.11.2024 03:59:52

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that cou...

7.5

CVE-2018-1433

  • EPSS 0.46%
  • Published 17.05.2018 21:29:00
  • Last modified 21.11.2024 03:59:48

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication...