Vulnerabilities related to ibm - storage_scale
Vulnerability from fkie_nvd
Published
2025-07-12 12:15
Modified
2025-07-23 19:08
Summary
IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol.
Impacted products
Vendor Product Version
ibm storage_scale 5.2.3.0
ibm storage_scale 5.2.3.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:storage_scale:5.2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5647A083-9B78-4FA9-98D7-38B2F260D472",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:storage_scale:5.2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "699A3175-7A29-4292-A0EE-78A7264FAF7B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol."
    },
    {
      "lang": "es",
      "value": "IBM Storage Scale 5.2.3.0 y 5.2.3.1 podr\u00edan permitir que un usuario autenticado obtenga informaci\u00f3n confidencial de los archivos debido a los permisos inseguros heredados a trav\u00e9s del protocolo SMB."
    }
  ],
  "id": "CVE-2025-36104",
  "lastModified": "2025-07-23T19:08:24.813",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-07-12T12:15:25.930",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7239562"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-277"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-12-14 13:15
Modified
2025-07-25 20:57
Summary
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system.
Impacted products
Vendor Product Version
ibm storage_scale *
ibm storage_scale *
linux linux_kernel -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:storage_scale:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D89EC1-B7FA-4DFB-B1F8-E2117B70B6EA",
              "versionEndExcluding": "5.1.9.7",
              "versionStartIncluding": "5.1.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:storage_scale:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A39FAEE-68DE-42C3-BE32-693A6054946F",
              "versionEndExcluding": "5.2.2.0",
              "versionStartIncluding": "5.2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 \n\ncontains a local privilege escalation vulnerability. A malicious actor with command line access to the \u0027scalemgmt\u0027 user can elevate privileges to gain root access to the host operating system."
    },
    {
      "lang": "es",
      "value": "IBM Storage Scale GUI 5.1.9.0 a 5.1.9.6 y 5.2.0.0 a 5.2.1.1 contiene una vulnerabilidad de escalada de privilegios locales. Un actor malintencionado con acceso de l\u00ednea de comandos al usuario \u0027scalemgmt\u0027 puede elevar los privilegios para obtener acceso ra\u00edz al sistema operativo host."
    }
  ],
  "id": "CVE-2024-31891",
  "lastModified": "2025-07-25T20:57:17.503",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-12-14T13:15:17.630",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7178098"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-04-30 15:15
Modified
2025-08-04 17:47
Summary
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.
Impacted products
Vendor Product Version
ibm storage_scale *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:storage_scale:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7E0917D-1C6E-412F-9E7B-8884E24622A8",
              "versionEndExcluding": "5.2.0.0",
              "versionStartIncluding": "5.1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system.  IBM X-Force ID:  260208."
    },
    {
      "lang": "es",
      "value": "IBM Storage Scale 5.1.0.0 a 5.1.9.2 podr\u00eda permitir que un usuario autenticado robe o manipule una sesi\u00f3n activa para obtener acceso al sistema. ID de IBM X-Force: 260208."
    }
  ],
  "id": "CVE-2023-38002",
  "lastModified": "2025-08-04T17:47:19.140",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-04-30T15:15:50.407",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260208"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7149699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7149699"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-05-10 03:15
Modified
2025-08-12 01:48
Summary
IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization.
Impacted products
Vendor Product Version
ibm storage_scale 5.2.2.0
ibm storage_scale 5.2.2.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:storage_scale:5.2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2EBCAFA-BE7E-492C-B2F1-DD96DA0A0964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:storage_scale:5.2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC2FFB8A-B8FC-4175-8EE6-7E22F01BE55B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization."
    },
    {
      "lang": "es",
      "value": "IBM Storage Scale 5.2.2.0 y 5.2.2.1, bajo ciertas configuraciones, podr\u00edan permitir que un usuario autenticado ejecute comandos privilegiados debido a una neutralizaci\u00f3n de entrada incorrecta."
    }
  ],
  "id": "CVE-2025-1137",
  "lastModified": "2025-08-12T01:48:51.830",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-10T03:15:22.720",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7233085"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-12-14 13:15
Modified
2025-07-25 20:57
Summary
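IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a CSV file due to improper neutralization of formula elements. [Note: the weakness recorded for this entry is CWE-89 (SQL injection), which does not match the description; improper neutralization of formula elements in a CSV file corresponds to CWE-1236. Do not rely on the CWE field alone when triaging or filtering this record.]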
Impacted products
Vendor Product Version
ibm storage_scale *
ibm storage_scale *
linux linux_kernel -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:storage_scale:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D89EC1-B7FA-4DFB-B1F8-E2117B70B6EA",
              "versionEndExcluding": "5.1.9.7",
              "versionStartIncluding": "5.1.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:storage_scale:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A39FAEE-68DE-42C3-BE32-693A6054946F",
              "versionEndExcluding": "5.2.2.0",
              "versionStartIncluding": "5.2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements."
    },
    {
      "lang": "es",
      "value": "Las versiones de IBM Storage Scale GUI 5.1.9.0 a 5.1.9.6 y 5.2.0.0 a 5.2.1.1 podr\u00edan permitir que un usuario realice acciones no autorizadas despu\u00e9s de interceptar y modificar un archivo csv debido a una neutralizaci\u00f3n incorrecta de los elementos de la f\u00f3rmula."
    }
  ],
  "id": "CVE-2024-31892",
  "lastModified": "2025-07-25T20:57:25.377",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-12-14T13:15:18.877",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7178098"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

CVE-2025-36104 (GCVE-0-2025-36104)
Vulnerability from cvelistv5
Published
2025-07-12 11:30
Modified
2025-08-18 01:34
CWE
  • CWE-277 - Insecure Inherited Permissions
Summary
IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol.
References
Impacted products
Vendor Product Version
IBM Storage Scale Version: 5.2.3.0, 5.2.3.1
    cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.3.1:*:*:*:*:*:*:*


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36104",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-14T16:18:09.057778Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-14T16:18:15.600Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.3.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Storage Scale",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.3.0, 5.2.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol."
            }
          ],
          "value": "IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-277",
              "description": "CWE-277 Insecure Inherited Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-18T01:34:59.319Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7239562"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "For IBM Storage Scale 5.2.3.0 and 5.2.3.1, IBM strongly recommends addressing the vulnerability by upgrading to 5.2.3.2 or later:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage\u0026amp;produ..\"\u003ehttps://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage\u0026amp;produ...\u003c/a\u003e.\u003cbr\u003e"
            }
          ],
          "value": "For IBM Storage Scale 5.2.3.0 and 5.2.3.1, IBM strongly recommends addressing the vulnerability by upgrading to 5.2.3.2 or later:\n https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage\u0026produ... https://www.ibm.com/support/fixcentral/swg/selectFixes ."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Storage Scale information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36104",
    "datePublished": "2025-07-12T11:30:41.359Z",
    "dateReserved": "2025-04-15T21:16:16.298Z",
    "dateUpdated": "2025-08-18T01:34:59.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38002 (GCVE-0-2023-38002)
Vulnerability from cvelistv5
Published
2024-04-30 14:40
Modified
2024-08-02 17:23
CWE
Summary
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.
Impacted products
Vendor Product Version
IBM Storage Scale Version: 5.1.0.0 through 5.1.9.2 (inclusive)


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ibm:storage_scale:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "storage_scale",
            "vendor": "ibm",
            "versions": [
              {
                "lessThanOrEqual": "5.1.9.2",
                "status": "affected",
                "version": "5.1.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38002",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-30T16:36:07.496446Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:28:25.235Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:23:27.889Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7149699"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260208"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Storage Scale",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "5.1.9.2",
              "status": "affected",
              "version": "5.1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system.  IBM X-Force ID:  260208."
            }
          ],
          "value": "IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system.  IBM X-Force ID:  260208."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-384",
              "description": "CWE-384 Session Fixation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-30T14:40:43.603Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7149699"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260208"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Storage Scale session fixation",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-38002",
    "datePublished": "2024-04-30T14:40:43.603Z",
    "dateReserved": "2023-07-11T17:33:11.275Z",
    "dateUpdated": "2024-08-02T17:23:27.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1137 (GCVE-0-2025-1137)
Vulnerability from cvelistv5
Published
2025-05-10 01:56
Modified
2025-05-13 03:55
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization.
References
Impacted products
Vendor Product Version
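IBM Storage Scale Version: 5.2.2.0, 5.2.2.1
    cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.1.1:*:*:*:*:*:*:*
    [Note: the CPE strings in this CNA record name versions 5.2.0.0 and 5.2.1.1 of spectrum_scale_container_native_storage_access, which do not match the affected versions 5.2.2.0 and 5.2.2.1 stated in the same record. The NVD entry for this CVE matches on cpe:2.3:a:ibm:storage_scale:5.2.2.0 and cpe:2.3:a:ibm:storage_scale:5.2.2.1 instead, so CPE-based inventory matching should be checked against the version list rather than these strings.]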


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-12T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T03:55:54.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.1.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Storage Scale",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.2.0, 5.2.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization."
            }
          ],
          "value": "IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-10T01:56:23.135Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7233085"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Storage Scale 5.2.2.0-5.2.2.1, IBM strongly recommends addressing the vulnerability by upgrading to 5.2.3.0 or later:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage\u0026amp;product=ibm/StorageSoftware/IBM+Storage+Scale\u0026amp;release=5.2.3\u0026amp;platform=All\u0026amp;function=all\"\u003ehttps://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage\u0026amp;produ...\u003c/a\u003e"
            }
          ],
          "value": "Storage Scale 5.2.2.0-5.2.2.1, IBM strongly recommends addressing the vulnerability by upgrading to 5.2.3.0 or later:\n\n https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage\u0026produ... https://www.ibm.com/support/fixcentral/swg/selectFixes"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Storage Scale command injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-1137",
    "datePublished": "2025-05-10T01:56:23.135Z",
    "dateReserved": "2025-02-08T20:16:19.164Z",
    "dateUpdated": "2025-05-13T03:55:54.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-31892 (GCVE-0-2024-31892)
Vulnerability from cvelistv5
Published
2024-12-14 12:58
Modified
2024-12-16 17:05
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
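IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements. (Note: the record's title and CWE field label this as SQL injection, CWE-89, but the description — formula elements in a CSV file — corresponds to CWE-1236, Improper Neutralization of Formula Elements in a CSV File. Triage against the description and the vendor advisory rather than the CWE label alone.)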
References
Impacted products
Vendor Product Version
IBM Storage Scale Version: 5.1.9.0 ≤ 5.1.9.6
Version: 5.2.0.0 ≤ 5.2.1.1
    cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.1.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.1.1:*:*:*:*:*:*:*


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31892",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-16T17:05:00.978665Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-16T17:05:18.045Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.1.9.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.1.9.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.1.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Storage Scale",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "5.1.9.6",
              "status": "affected",
              "version": "5.1.9.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.1.1",
              "status": "affected",
              "version": "5.2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.\u003c/span\u003e"
            }
          ],
          "value": "IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-14T12:58:45.625Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7178098"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Storage Scale SQL injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-31892",
    "datePublished": "2024-12-14T12:58:45.625Z",
    "dateReserved": "2024-04-07T12:44:57.195Z",
    "dateUpdated": "2024-12-16T17:05:18.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-31891 (GCVE-0-2024-31891)
Vulnerability from cvelistv5
Published
2024-12-14 13:01
Modified
2024-12-16 17:03
CWE
  • CWE-250 - Execution with Unnecessary Privileges
Summary
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system.
References
Impacted products
Vendor Product Version
IBM Storage Scale Version: 5.1.9.0 ≤ 5.1.9.6
Version: 5.2.0.0 ≤ 5.2.1.1
    cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.1.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.1.1:*:*:*:*:*:*:*


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31891",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-16T17:02:38.759785Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-16T17:03:55.695Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.1.9.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.1.9.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.1.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Storage Scale",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "5.1.9.6",
              "status": "affected",
              "version": "5.1.9.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.1.1",
              "status": "affected",
              "version": "5.2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econtains a local privilege escalation vulnerability. A malicious actor with command line access to the \u0027scalemgmt\u0027 user can elevate privileges to gain root access to the host operating system.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 \n\ncontains a local privilege escalation vulnerability. A malicious actor with command line access to the \u0027scalemgmt\u0027 user can elevate privileges to gain root access to the host operating system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250 Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-14T13:01:34.292Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7178098"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Storage Scale privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-31891",
    "datePublished": "2024-12-14T13:01:34.292Z",
    "dateReserved": "2024-04-07T12:44:57.195Z",
    "dateUpdated": "2024-12-16T17:03:55.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}