← Back

Spectrum Virtualize

spectrum_virtualize

Vendor: Ibm • 17 CVEs

CVEs (17)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-25681
1Ibm
1Spectrum Virtualize
Mar 4, 2025
Mar 5, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA...Show more
LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033.Show less
CVE-2023-27870
1Ibm
1Spectrum Virtualize
Jan 24, 2025
May 11, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518.
CVE-2022-43873
1Ibm
1Spectrum Virtualize
Nov 21, 2024
Feb 22, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847.
CVE-2022-43870
1Ibm
1Spectrum Virtualize
Nov 21, 2024
Feb 22, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.
CVE-2022-39167
1Ibm
1Spectrum Virtualize
Nov 21, 2024
Jan 19, 2023
N/A· v4
5.9 MEDIUM· v3
N/A· v2
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408.
CVE-2021-38969
1Ibm
1Spectrum Virtualize
Nov 21, 2024
May 11, 2022
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609.
CVE-2021-29873
1Ibm
10Flashsystem 9000 Firmware
Flashsystem 9100 FirmwareSan Volume Controller Firmware+7 more
Nov 21, 2024
Oct 21, 2021
N/A· v4
8.1 HIGH· v3
5.5 MEDIUM· v2
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
CVE-2020-4686
1Ibm
11Flashsystem V5000 Firmware
Flashsystem V7200 FirmwareFlashsystem V9000 Firmware+8 more
Nov 21, 2024
Aug 17, 2020
N/A· v4
8.1 HIGH· v3
5.5 MEDIUM· v2
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.
CVE-2018-1466
1Ibm
8San Volume Controller Firmware
Spectrum VirtualizeSpectrum Virtualize For Public Cloud+5 more
Nov 21, 2024
May 17, 2018
N/A· v4
5.3 MEDIUM· v3
3.5 LOW· v2
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cry...Show more
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.Show less
CVE-2018-1465
1Ibm
8San Volume Controller Firmware
Spectrum VirtualizeSpectrum Virtualize For Public Cloud+5 more
Nov 21, 2024
May 17, 2018
N/A· v4
5.3 MEDIUM· v3
3.5 LOW· v2
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticate...Show more
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.Show less
CVE-2018-1464
1Ibm
8San Volume Controller Firmware
Spectrum VirtualizeSpectrum Virtualize For Public Cloud+5 more
Nov 21, 2024
May 17, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticate...Show more
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.Show less
CVE-2018-1463
1Ibm
8San Volume Controller Firmware
Spectrum VirtualizeSpectrum Virtualize For Public Cloud+5 more
Nov 21, 2024
May 17, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticate...Show more
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.Show less
CVE-2018-1462
1Ibm
8San Volume Controller Firmware
Spectrum VirtualizeSpectrum Virtualize For Public Cloud+5 more
Nov 21, 2024
May 17, 2018
N/A· v4
7.6 HIGH· v3
6.5 MEDIUM· v2
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticate...Show more
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.Show less
CVE-2018-1461
1Ibm
8San Volume Controller Firmware
Spectrum VirtualizeSpectrum Virtualize For Public Cloud+5 more
Nov 21, 2024
May 17, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-sit...Show more
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.Show less
CVE-2018-1438
1Ibm
8San Volume Controller Firmware
Spectrum VirtualizeSpectrum Virtualize For Public Cloud+5 more
Nov 21, 2024
May 17, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could a...Show more
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.Show less
CVE-2018-1434
1Ibm
8San Volume Controller Firmware
Spectrum VirtualizeSpectrum Virtualize For Public Cloud+5 more
Nov 21, 2024
May 17, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-sit...Show more
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.Show less
CVE-2018-1433
1Ibm
8San Volume Controller Firmware
Spectrum VirtualizeSpectrum Virtualize For Public Cloud+5 more
Nov 21, 2024
May 17, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile d...Show more
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.Show less