cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-25681,https://securityvulnerability.io/vulnerability/CVE-2023-25681,IBM Spectrum Virtualize 8.5 Multifactor Authentication Bypass Vulnerability,"A vulnerability exists in IBM Spectrum Virtualize 8.5 where LDAP users, despite being configured for multifactor authentication (MFA), can authenticate to the CIM interface using only their username and password. This security flaw exposes organizations to potential unauthorized access, as it undermines the intended protection MFA offers. Local users who have MFA enabled, as well as remote users authenticating through single sign-on, are not impacted by this issue. Organizations utilizing IBM Spectrum Virtualize should be aware of this vulnerability and take necessary precautions to mitigate risks associated with LDAP configurations.",IBM,Spectrum Virtualize,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-05T19:42:01.977Z,0
CVE-2023-27870,https://securityvulnerability.io/vulnerability/CVE-2023-27870,IBM Spectrum Virtualize information disclosure,"IBM Spectrum Virtualize 8.5 may allow unauthorized exposure of sensitive credential information during the download of updates from Fix Central. This vulnerability can arise under specific conditions, posing a risk to data integrity and protection. Organizations using this product should take immediate action to evaluate their setup and apply necessary mitigations as outlined in the IBM support advisory.",IBM,Spectrum Virtualize,5.9,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-05-11T20:15:00.000Z,0
CVE-2022-43873,https://securityvulnerability.io/vulnerability/CVE-2022-43873,IBM Spectrum Virtualize privilege escalation,"An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847.",IBM,Spectrum Virtualize,6.3,MEDIUM,0.00139999995008111,false,,false,false,false,,,false,false,,2023-02-22T17:32:31.652Z,0
CVE-2022-43870,https://securityvulnerability.io/vulnerability/CVE-2022-43870,IBM Spectrum Virtualize information disclosure,"IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.",IBM,Spectrum Virtualize,6.5,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-02-22T17:26:20.175Z,0
CVE-2022-39167,https://securityvulnerability.io/vulnerability/CVE-2022-39167,IBM Spectrum Virtualize information disclosure," IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408. ",IBM,Spectrum Virtualize,5.9,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2023-01-19T16:44:30.107Z,0
CVE-2021-38969,https://securityvulnerability.io/vulnerability/CVE-2021-38969,Authentication Flaw in IBM Spectrum Virtualize by IBM,"An authentication vulnerability exists within IBM Spectrum Virtualize versions 8.2, 8.3, and 8.4, enabling attackers to exploit the reuse of support-generated credentials. This flaw could allow unauthorized access to the system, potentially leading to a breach of sensitive information. Users are encouraged to upgrade to the latest versions to mitigate risks associated with this vulnerability.",IBM,Spectrum Virtualize,5.6,MEDIUM,0.001550000044517219,false,,false,false,false,,,false,false,,2022-05-11T16:15:00.000Z,0
CVE-2021-29873,https://securityvulnerability.io/vulnerability/CVE-2021-29873,Restricted Shell Escape Vulnerability in IBM Flash System 900,"IBM Flash System 900 contains a restricted shell escape vulnerability that could allow an authenticated attacker to access sensitive information and potentially cause a denial of service. This issue raises significant concerns about data security and system reliability for users of the product. The flaw may permit unauthorized access through the restricted shell, enabling attackers to exploit the system and disrupt operations.",IBM,"Flashsystem 900,Flashsystem V9000,Storwize V3500,Storwize V5000,Storwize V5100,Flashsystem 9100 Family,Storwize V3700,San Volume Controller,Storwize V7000,Spectrum Virtualize Software,Spectrum Virtualize For Public Cloud",8.8,HIGH,0.001230000052601099,false,,false,false,false,,,false,false,,2021-10-21T17:15:00.000Z,0
CVE-2021-20532,https://securityvulnerability.io/vulnerability/CVE-2021-20532,,IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811.,IBM,Spectrum Protect For Virtual Environments,7.4,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-04-26T17:15:00.000Z,0
CVE-2018-2025,https://securityvulnerability.io/vulnerability/CVE-2018-2025,,IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551.,IBM,"Spectrum Protect Backup-archive Client,Spectrum Protect For Virtual Environments",5.1,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-11-22T00:00:00.000Z,0
CVE-2018-1775,https://securityvulnerability.io/vulnerability/CVE-2018-1775,,"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.",IBM,"Torwize V7000,Torwize V3500,Torwize V3700,Spectrum Virtualize For Public Cloud,Spectrum Virtualize Software,San Volume Controller,Flashsystem V9000,Torwize V5000,Flashsystem 9100 Family",6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2019-02-27T22:29:00.000Z,0
CVE-2018-1466,https://securityvulnerability.io/vulnerability/CVE-2018-1466,,"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.",IBM,"San Volume Controller,Storwize V5000,Spectrum Virtualize Software,Storwize V7000 (2076),Storwize V3700,Storwize V3500,Flashsystem V9000,Spectrum Virtualize For Public Cloud",5.3,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2018-05-17T21:29:00.000Z,0
CVE-2018-1465,https://securityvulnerability.io/vulnerability/CVE-2018-1465,,"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.",IBM,"Storwize V3500,San Volume Controller,Spectrum Virtualize Software,Spectrum Virtualize For Public Cloud,Storwize V7000 (2076),Flashsystem V9000,Storwize V5000,Storwize V3700",5.3,MEDIUM,0.0014799999771639705,false,,false,false,false,,,false,false,,2018-05-17T21:29:00.000Z,0
CVE-2018-1464,https://securityvulnerability.io/vulnerability/CVE-2018-1464,,"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.",IBM,"Storwize V5000,Spectrum Virtualize Software,Storwize V3500,Storwize V7000 (2076),Storwize V3700,Spectrum Virtualize For Public Cloud,San Volume Controller,Flashsystem V9000",6.5,MEDIUM,0.0014799999771639705,false,,false,false,false,,,false,false,,2018-05-17T21:29:00.000Z,0
CVE-2018-1434,https://securityvulnerability.io/vulnerability/CVE-2018-1434,,"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.",IBM,"Flashsystem V9000,Storwize V3700,Storwize V5000,Spectrum Virtualize Software,San Volume Controller,Spectrum Virtualize For Public Cloud,Storwize V7000 (2076),Storwize V3500",8.8,HIGH,0.00406000018119812,false,,false,false,false,,,false,false,,2018-05-17T21:29:00.000Z,0
CVE-2018-1463,https://securityvulnerability.io/vulnerability/CVE-2018-1463,,"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.",IBM,"Storwize V5000,Spectrum Virtualize Software,Storwize V3700,Spectrum Virtualize For Public Cloud,San Volume Controller,Storwize V7000 (2076),Storwize V3500,Flashsystem V9000",6.5,MEDIUM,0.0014799999771639705,false,,false,false,false,,,false,false,,2018-05-17T21:29:00.000Z,0
CVE-2018-1462,https://securityvulnerability.io/vulnerability/CVE-2018-1462,,"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.",IBM,"Storwize V3700,Spectrum Virtualize Software,San Volume Controller,Storwize V5000,Storwize V7000 (2076),Flashsystem V9000,Storwize V3500,Spectrum Virtualize For Public Cloud",7.6,HIGH,0.0016700000269338489,false,,false,false,false,,,false,false,,2018-05-17T21:29:00.000Z,0
CVE-2018-1461,https://securityvulnerability.io/vulnerability/CVE-2018-1461,,"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.",IBM,"Spectrum Virtualize Software,Storwize V5000,Storwize V3500,Storwize V7000 (2076),Storwize V3700,Flashsystem V9000,San Volume Controller,Spectrum Virtualize For Public Cloud",5.4,MEDIUM,0.0019399999873712659,false,,false,false,false,,,false,false,,2018-05-17T21:29:00.000Z,0
CVE-2018-1447,https://securityvulnerability.io/vulnerability/CVE-2018-1447,,"The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.",IBM,"Spectrum Protect,Spectrum Protect Snapshot,Spectrum Protect For Virtual Environments,Spectrum Protect For Space Management",5.1,MEDIUM,0.005330000072717667,false,,false,false,false,,,false,false,,2018-04-04T18:29:00.000Z,0
CVE-2017-1378,https://securityvulnerability.io/vulnerability/CVE-2017-1378,,IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.,IBM,Spectrum Protect For Virtual Environments,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-10-05T17:29:00.000Z,0
CVE-2015-7426,https://securityvulnerability.io/vulnerability/CVE-2015-7426,,The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.,IBM,"Spectrum Protect For Virtual Environments,Spectrum Protect Snapshot",10,CRITICAL,0.02232000045478344,false,,false,false,false,,,false,false,,2016-01-02T21:00:00.000Z,0
CVE-2015-7429,https://securityvulnerability.io/vulnerability/CVE-2015-7429,,The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.4 allows remote authenticated users to restore arbitrary virtual machines and consequently obtain sensitive information by visiting the vSphere inventory.,IBM,"Spectrum Protect For Virtual Environments,Spectrum Protect Snapshot",8.5,HIGH,0.0011099999537691474,false,,false,false,false,,,false,false,,2016-01-02T02:00:00.000Z,0