Lucene search

IbmCVELIST:CVE-2022-41739

HistoryApr 26, 2023 - 2:09 a.m.

CVE-2022-41739 IBM Spectrum Scale privilege escalation

2023-04-2602:09:03

ibm

www.cve.org

ibm spectrum scale

privilege escalation

container native storage access

isolation mechanism

sensitive information

ibm x-force id

CVSS3

7.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N

AI Score

8.1

Confidence

High

EPSS

Percentile

9.0%

JSON

IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Spectrum Scale Container Native Storage Access",
    "vendor": "IBM",
    "versions": [
      {
        "lessThan": "5.1.6.0",
        "status": "affected",
        "version": "5.1.2.1",
        "versionType": "semver"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/237815

www.ibm.com/support/pages/node/6964568

CVSS3

7.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N

AI Score

8.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2022-41739