Spectrum_virtualize - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Spectrum_virtualize
(Ibm)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	17

Date	Id	Summary	Products	Score	Patch	Annotated
2024-03-05	CVE-2023-25681	LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033.	Spectrum_virtualize	6.5
2023-05-11	CVE-2023-27870	IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518.	Spectrum_virtualize	5.9
2020-08-17	CVE-2020-4686	IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.	Flashsystem_v5000_firmware, Flashsystem_v7200_firmware, Flashsystem_v9000_firmware, Flashsystem_v9100_firmware, Flashsystem_v9200_firmware, San_volume_controller_firmware, Spectrum_virtualize, Storwize_v5000_firmware, Storwize_v5000e_firmware, Storwize_v5100_firmware, Storwize_v7000_firmware	8.1
2021-10-21	CVE-2021-29873	IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.	Flashsystem_9000_firmware, Flashsystem_9100_firmware, San_volume_controller_firmware, Spectrum_virtualize, Spectrum_virtualize_for_public_cloud, Storwize_v3500_software, Storwize_v3700_software, Storwize_v5000_software, Storwize_v5100_software, Storwize_v7000_software	8.1
2022-05-11	CVE-2021-38969	IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609.	Spectrum_virtualize	9.8
2023-01-19	CVE-2022-39167	IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408.	Spectrum_virtualize	5.9
2023-02-22	CVE-2022-43870	IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.	Spectrum_virtualize	6.5