Product
ibm spectrum scale
57 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2022-43843
all versions
IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decr
5.9
MEDIUM
CVE-2023-30434
>= 5.1.0.0 and <= 5.1.2.9
IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 thr
6.2
MEDIUM
CVE-2020-4927
>= 5.0.5.0 and < 5.1.7.0
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injec
5.7
MEDIUM
CVE-2022-43869
>= 5.1.0.0 and <= 5.1.2.8
IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 a
6.5
MEDIUM
CVE-2022-40607
<= 5.1.4.0
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access f
6.8
MEDIUM
CVE-2020-4926
< 5.1.3.0
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to use
9.1
CRITICAL
CVE-2022-22368
>= 5.1.0 and <= 5.1.3.0
IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decryp
7.5
HIGH
CVE-2020-4925
all versions
A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and p
5.5
MEDIUM
CVE-2021-38882
>= 5.1.0 and <= 5.1.1.1
IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expirat
4.4
MEDIUM
CVE-2021-29740
>= 5.0.0.0 and < 5.0.5.7
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security v
7.8
HIGH
CVE-2021-29708
all versions
IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensitive cryptographic keys that co
6.7
MEDIUM
CVE-2021-29667
>= 5.0.0 and <= 5.0.5.6
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker c
7.8
HIGH
CVE-2021-29666
>= 5.0.0 and <= 5.0.5.6
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allow
5.4
MEDIUM
CVE-2020-4981
>= 5.0.4.1 and <= 5.1.0.3
IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation
6.0
MEDIUM
CVE-2021-29671
>= 5.1.0.1 and < 5.1.0.2
IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging i
3.3
LOW
CVE-2020-4891
>= 5.0.0.0 and <= 5.0.5.5
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a l
5.5
MEDIUM
CVE-2020-4890
>= 5.0.0.0 and <= 5.0.5.5
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to c
4.4
MEDIUM
CVE-2020-4851
>= 5.0.0.0 and < 5.0.5.5
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact
5.5
MEDIUM
CVE-2020-4889
>= 5.0.0 and <= 5.0.5.4
IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and dev
3.3
LOW
CVE-2020-4756
> 4.2.0.0 and <= 4.2.3.23
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.
5.5
MEDIUM
CVE-2020-4755
> 5.0.0.0 and <= 5.0.5.2
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary
5.4
MEDIUM
CVE-2020-4749
> 5.0.0.0 and <= 5.0.5.2
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers m
4.3
MEDIUM
CVE-2020-4748
> 5.0.0.0 and <= 5.0.5.2
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary
6.1
MEDIUM
CVE-2020-4491
> 4.2.0.0 and <= 4.2.3.22
IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of servic
5.5
MEDIUM
CVE-2020-4492
>= 4.2.0.0 and <= 4.2.3.21
IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of serv
5.5
MEDIUM
CVE-2020-4379
>= 5.0.0.0 and <= 5.0.4.4
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decr
7.5
HIGH
CVE-2020-4378
>= 5.0.0.0 and <= 5.0.4.4
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a spe
4.9
MEDIUM
CVE-2020-4358
>= 5.0.0.0 and <= 5.0.4.4
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitra
5.4
MEDIUM
CVE-2020-4357
>= 5.0.0.0 and <= 5.0.4.4
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical
4.3
MEDIUM
CVE-2020-4350
>= 5.0.0.0 and <= 5.0.4.4
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decr
7.5
HIGH
CVE-2020-4349
>= 5.0.0.0 and <= 5.0.4.4
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decr
7.5
HIGH
CVE-2020-4348
>= 4.2.0.0 and <= 4.2.3.21
IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthori
6.5
MEDIUM
CVE-2020-4412
>= 4.2.0.0 and <= 4.2.3.21
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service s
5.3
MEDIUM
CVE-2020-4411
>= 4.2.0.0 and <= 4.2.3.21
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service v
7.1
HIGH
CVE-2020-4273
>= 4.2.0.0 and <= 4.2.3.20
IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the environment to execute com
7.8
HIGH
CVE-2020-4242
>= 10.1.0 and <= 10.1.5
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbi
8.8
HIGH
CVE-2020-4241
>= 10.1.0 and <= 10.1.5
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbi
8.8
HIGH
CVE-2020-4217
>= 4.2.0.0 and <= 4.2.3.19
The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker ca
7.5
HIGH
CVE-2019-4715
>= 4.2.0.0 and <= 4.2.3.18
IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending
8.8
HIGH
CVE-2019-4665
>= 4.2.0.0 and <= 4.2.3.18
IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip
5.4
MEDIUM
CVE-2019-4558
>= 4.2.0.0 and <= 4.2.3.17
A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale
7.8
HIGH
CVE-2019-4259
>= 4.1.1.0 and <= 4.1.1.22
A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack ena
5.5
MEDIUM
CVE-2018-1993
>= 4.1.1.0 and <= 4.1.1.21
IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled ma
4.0
MEDIUM
CVE-2018-1783
>= 4.1.0.0 and <= 4.1.1.20
IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged,
5.5
MEDIUM
CVE-2018-1723
>= 4.1.0.0 and <= 4.1.1.20
IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with ac
6.2
MEDIUM
CVE-2018-1782
all versions
IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS
6.5
MEDIUM
CVE-2018-1431
>= 4.1.1.0 and <= 4.1.1.19
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obt
7.4
HIGH
CVE-2017-1654
>= 4.1.1.0 and <= 4.1.1.18
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User
4.0
MEDIUM
CVE-2016-6115
all versions
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and e
7.2
HIGH
CVE-2016-2985
all versions
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 a
7.0
HIGH
CVE-2016-2984
all versions
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 a
7.0
HIGH
CVE-2016-0263
all versions
IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local user
7.0
HIGH
CVE-2015-7488
all versions
IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote at
5.9
MEDIUM
CVE-2015-7403
all versions
IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8
4.0
MEDIUM
CVE-2015-7456
all versions
IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords
6.5
MEDIUM
CVE-2015-4981
all versions
IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 a
CVE-2015-4974
all versions
IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 a
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin