CVE-2024-31891 IBM Storage Scale privilege escalation

🗓️ 14 Dec 2024 13:01:34Reported by ibmType

Local privilege escalation in IBM Storage Scale, allowing root access for 'scalemgmt' users.

Reporter	Title	Published	Views	Family All 10
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities which can affect IBM Storage Scale are now fixed.	17 Dec 202419:05	–	ibm
Circl	CVE-2024-31891	14 Dec 202413:05	–	circl
CNNVD	IBM Storage Scale 安全漏洞	14 Dec 202400:00	–	cnnvd
CVE	CVE-2024-31891	14 Dec 202413:01	–	cve
EUVD	EUVD-2024-29749	3 Oct 202520:07	–	euvd
NVD	CVE-2024-31891	14 Dec 202413:15	–	nvd
OSV	CVE-2024-31891	14 Dec 202413:15	–	osv
Positive Technologies	PT-2024-24270 · Ibm · Ibm Storage Scale Gui	14 Dec 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-31891	5 Feb 202500:26	–	redhatcve
Vulnrichment	CVE-2024-31891 IBM Storage Scale privilege escalation	14 Dec 202413:01	–	vulnrichment

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.1.9.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.1.9.6:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.1.1:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Storage Scale",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "5.1.9.6",
        "status": "affected",
        "version": "5.1.9.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "5.2.1.1",
        "status": "affected",
        "version": "5.2.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7178098

14 Dec 2024 13:01Current

CVSS 3.17.8

EPSS0.00155

CWE-250