Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ibm Subscribe
Filtered by product San Volume Controller Firmware
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-29873 1 Ibm 12 Flashsystem 9000, Flashsystem 9000 Firmware, Flashsystem 9100 and 9 more 2022-07-12 5.5 MEDIUM 8.1 HIGH
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
CVE-2020-4686 1 Ibm 21 Flashsystem V5000, Flashsystem V5000 Firmware, Flashsystem V7200 and 18 more 2021-07-21 5.5 MEDIUM 8.1 HIGH
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.
CVE-2018-1433 1 Ibm 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more 2020-08-19 5.0 MEDIUM 7.5 HIGH
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.
CVE-2018-1434 1 Ibm 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more 2020-08-19 6.8 MEDIUM 8.8 HIGH
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.
CVE-2018-1438 1 Ibm 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more 2020-08-19 5.0 MEDIUM 7.5 HIGH
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.
CVE-2018-1461 1 Ibm 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more 2020-08-19 3.5 LOW 5.4 MEDIUM
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.
CVE-2018-1462 1 Ibm 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more 2020-08-19 6.5 MEDIUM 7.6 HIGH
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.
CVE-2018-1463 1 Ibm 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more 2020-08-19 4.0 MEDIUM 6.5 MEDIUM
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.
CVE-2018-1464 1 Ibm 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more 2020-08-19 4.0 MEDIUM 6.5 MEDIUM
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.
CVE-2018-1466 1 Ibm 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more 2020-08-19 3.5 LOW 5.3 MEDIUM
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.
CVE-2018-1465 1 Ibm 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more 2020-06-03 3.5 LOW 5.3 MEDIUM
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.
CVE-2017-1710 1 Ibm 8 Flashsystem V9000, Flashsystem V9000 Firmware, San Volume Controller and 5 more 2019-10-02 7.5 HIGH 9.8 CRITICAL
A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.