IBM Storage Scale
By the Year
In 2026 there has been 1 vulnerability in IBM Storage Scale, with an average score of 6.6 out of ten. Last year, in 2025, Storage Scale had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Storage Scale in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.40.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 6.60 |
| 2025 | 2 | 7.00 |
| 2024 | 5 | 7.62 |
It may take a day or so for new Storage Scale vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent IBM Storage Scale Security Vulnerabilities
Storage Scale 5.2.3.0-5.2.3.5/6.0.0.0-6.0.0.1: Local Perm Escalation
CVE-2025-14604
6.6 - Medium
- March 03, 2026
IBM Storage Scale 5.2.3.0 - 5.2.3.5, and IBM Storage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors.
Incorrect Permission Assignment for Critical Resource
IBM Storage Scale 5.2.3.0-5.2.3.1: Authenticated SMB Permission Leak
CVE-2025-36104
6.5 - Medium
- July 12, 2025
IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol.
Incorrect Permission Assignment for Critical Resource
IBM Storage Scale 5.2.2.x Authenticated Execution via Input Fuzzing
CVE-2025-1137
7.5 - High
- May 10, 2025
IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization.
Execution with Unnecessary Privileges
IBM Storage Scale GUI CSV Injection Vulnerability
CVE-2024-31892
7.5 - High
- December 14, 2024
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.
SQL Injection
IBM Storage Scale GUI Local Privilege Escalation Vulnerability
CVE-2024-31891
7.8 - High
- December 14, 2024
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system.
Execution with Unnecessary Privileges
IBM Storage Scale Session Hijacking 5.1.0.0 - 5.1.9.2
CVE-2023-38002
8.8 - High
- April 30, 2024
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.
IBM StorageScale 5.1.2-5.1.7: External Network Conn CVE-2022-41738
CVE-2022-41738
7.5 - High
- February 17, 2024
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. IBM X-Force ID: 237812.
Authentication
IBM Storage Scale CNA 5.1.2.1-5.1.7.0 Local Container Namespace Escape
CVE-2022-41737
6.5 - Medium
- February 17, 2024
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow a local attacker to initiate connections from a container outside the current namespace. IBM X-Force ID: 237811.