CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS: 0.001 Low (Percentile: 33.7%)
IBM Storage Scale, shipped with OpenStack Swift, is exposed to vulnerabilities as detailed below. The exposure to this vulnerability only exists if the Object protocol has been configured with S3 enabled.
CVEID: CVE-2022-47950
**DESCRIPTION:** OpenStack Swift could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the S3 XML parser. By sending specially crafted XML content, a remote attacker could exploit this vulnerability to read arbitrary files from the host server.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244878 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
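The class of defect described above can be closed at the parsing layer by refusing any request body that carries a DTD. The following is an added example, not code from OpenStack Swift or IBM and not the vendor fix (the remediation for this bulletin is the upgrade listed below); the function names and both sample bodies are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"


class DTDForbidden(ValueError):
    """Raised when a request body carries a DOCTYPE or entity declaration."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    raise DTDForbidden(f"DOCTYPE {name!r} not allowed in S3 request body")


def _reject_entity(name, is_param, value, base, system_id, public_id, notation):
    raise DTDForbidden(f"entity declaration {name!r} not allowed")


def parse_request_body(body: bytes) -> ET.Element:
    """Return the parsed root element; raise DTDForbidden if a DTD is present."""
    scanner = expat.ParserCreate()
    # S3 request bodies never need a DTD, so any DOCTYPE is refused outright;
    # the entity handler is a second line of defence.
    scanner.StartDoctypeDeclHandler = _reject_doctype
    scanner.EntityDeclHandler = _reject_entity
    scanner.Parse(body, True)      # first pass: scan only, nothing is resolved
    return ET.fromstring(body)     # second pass: build the element tree


def is_accepted(body: bytes) -> bool:
    """True if the body is well-formed XML with no DTD."""
    try:
        parse_request_body(body)
        return True
    except (DTDForbidden, expat.ExpatError, ET.ParseError):
        return False


# Constructed sample bodies (hypothetical, not captured traffic).
BENIGN_BODY = (b'<CreateBucketConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
               b"<LocationConstraint>us-east-1</LocationConstraint>"
               b"</CreateBucketConfiguration>")
DTD_BODY = (b'<!DOCTYPE r [<!ENTITY e SYSTEM "file:///constructed/placeholder">]>'
            b"<CreateBucketConfiguration><LocationConstraint>&e;</LocationConstraint>"
            b"</CreateBucketConfiguration>")

if __name__ == "__main__":
    print("benign accepted:", is_accepted(BENIGN_BODY))
    print("DTD body accepted:", is_accepted(DTD_BODY))
```

A rejected body is also a useful detection signal: a DOCTYPE in an S3 API request has no legitimate purpose and is worth logging with the authenticated account.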
Affected Product(s) | Version(s) |
---|---|
IBM Storage Scale | 5.1.0.0 - 5.1.2.11 |
IBM Storage Scale | 5.1.3.0 - 5.1.7.1 |
For IBM Storage Scale V5.1.0.0 through V5.1.2.11, apply V5.1.2.12 available from FixCentral at:
https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.2&platform=All&function=all
For IBM Storage Scale V5.1.3.0 through V5.1.7.1, apply V5.1.8 available from FixCentral at:
https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.8&platform=All&function=all
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm storage scale | eq | 5.1. |