This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ibm First view 2015-10-25
Product Spectrum Scale Last view 2020-08-31
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:ibm:spectrum_scale:4.1.1.1:*:*:*:*:*:*:* 32
cpe:2.3:a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:* 31
cpe:2.3:a:ibm:spectrum_scale:4.1.1.2:*:*:*:*:*:*:* 30
cpe:2.3:a:ibm:spectrum_scale:4.2.0.0:*:*:*:*:*:*:* 28
cpe:2.3:a:ibm:spectrum_scale:4.1.1.4:*:*:*:*:*:*:* 27
cpe:2.3:a:ibm:spectrum_scale:4.1.1.3:*:*:*:*:*:*:* 27
cpe:2.3:a:ibm:spectrum_scale:4.2.0.1:*:*:*:*:*:*:* 27
cpe:2.3:a:ibm:spectrum_scale:4.1.1.5:*:*:*:*:*:*:* 26
cpe:2.3:a:ibm:spectrum_scale:4.1.1.6:*:*:*:*:*:*:* 26
cpe:2.3:a:ibm:spectrum_scale:4.1.1.7:*:*:*:*:*:*:* 26
cpe:2.3:a:ibm:spectrum_scale:4.1.1.8:*:*:*:*:*:*:* 26
cpe:2.3:a:ibm:spectrum_scale:4.2.0.2:*:*:*:*:*:*:* 26
cpe:2.3:a:ibm:spectrum_scale:4.2.0.3:*:*:*:*:*:*:* 26
cpe:2.3:a:ibm:spectrum_scale:4.2.2.0:*:*:*:*:*:*:* 25
cpe:2.3:a:ibm:spectrum_scale:4.1.0.0:*:*:*:*:*:*:* 24
cpe:2.3:a:ibm:spectrum_scale:4.2.1:*:*:*:*:*:*:* 24
cpe:2.3:a:ibm:spectrum_scale:4.1.1.9:*:*:*:*:*:*:* 24
cpe:2.3:a:ibm:spectrum_scale:4.1.1.10:*:*:*:*:*:*:* 24
cpe:2.3:a:ibm:spectrum_scale:5.0.0.0:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.1.1.11:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.1.1.12:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.1.1.13:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.1.1.14:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.1.1.15:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.1.1.16:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.1.1.17:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.1.1.18:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.2.0.4:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.2.3.0:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.2.3.1:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.2.3.2:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.2.3.3:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.2.3.4:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.2.3.5:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.2.3.6:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.1.1.19:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.1.1.20:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.1.1.21:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:4.1.1.22:*:*:*:*:*:*:* 23
cpe:2.3:a:ibm:spectrum_scale:5.0.1.0:*:*:*:*:*:*:* 22
cpe:2.3:a:ibm:spectrum_scale:5.0.1.1:*:*:*:*:*:*:* 22
cpe:2.3:a:ibm:spectrum_scale:4.2.3.7:*:*:*:*:*:*:* 22
cpe:2.3:a:ibm:spectrum_scale:4.2.3.8:*:*:*:*:*:*:* 22
cpe:2.3:a:ibm:spectrum_scale:5.0.0.1:*:*:*:*:*:*:* 22
cpe:2.3:a:ibm:spectrum_scale:5.0.0.2:*:*:*:*:*:*:* 22
cpe:2.3:a:ibm:spectrum_scale:4.2.3.9:*:*:*:*:*:*:* 22
cpe:2.3:a:ibm:spectrum_scale:4.2.3.10:*:*:*:*:*:*:* 22
cpe:2.3:a:ibm:spectrum_scale:4.2.3.11:*:*:*:*:*:*:* 22
cpe:2.3:a:ibm:spectrum_scale:4.2.3.12:*:*:*:*:*:*:* 22
cpe:2.3:a:ibm:spectrum_scale:4.2.3.13:*:*:*:*:*:*:* 22

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2020-08-31 CVE-2020-4492

IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.

7.5 2020-05-27 CVE-2020-4379

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158.

4.9 2020-05-27 CVE-2020-4378

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. IBM X-Force ID: 179157.

5.4 2020-05-27 CVE-2020-4358

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762.

4.3 2020-05-27 CVE-2020-4357

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761.

7.5 2020-05-27 CVE-2020-4350

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424.

7.5 2020-05-27 CVE-2020-4349

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423.

6.5 2020-05-27 CVE-2020-4348

IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414

5.3 2020-05-19 CVE-2020-4412

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987.

7.1 2020-05-19 CVE-2020-4411

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986.

7.8 2020-04-03 CVE-2020-4273

IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977.

8.8 2020-03-31 CVE-2020-4242

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419.

8.8 2020-03-31 CVE-2020-4241

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418.

7.5 2020-03-09 CVE-2020-4217

The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067.

8.8 2019-12-11 CVE-2019-4715

IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.

5.4 2019-12-11 CVE-2019-4665

IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.

7.8 2019-10-09 CVE-2019-4558

A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.

5.5 2019-05-13 CVE-2019-4259

A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.

3.3 2019-01-08 CVE-2018-1993

IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.

5.5 2018-10-05 CVE-2018-1783

IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.

5.5 2018-10-05 CVE-2018-1723

IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.

6.5 2018-09-19 CVE-2018-1782

IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805.

7.8 2018-06-13 CVE-2018-1431

A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.

3.3 2018-03-02 CVE-2017-1654

IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.

7.2 2017-02-01 CVE-2016-6115

IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.

CWE : Common Weakness Enumeration

%idName
28% (7) CWE-200 Information Exposure
12% (3) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
12% (3) CWE-264 Permissions, Privileges, and Access Controls
8% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
8% (2) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
8% (2) CWE-20 Improper Input Validation
4% (1) CWE-754 Improper Check for Unusual or Exceptional Conditions
4% (1) CWE-269 Improper Privilege Management
4% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (1) CWE-88 Argument Injection or Modification
4% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
4% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')