Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1AA315E6AEB541D6A06347F97194441255E05597B398B9BF48083CB58274C89A
HistoryOct 04, 2018 - 6:35 a.m.

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow a unprivileged, auntheticated user to forcefully unterminate and deny access to data available through GPFS

2018-10-0406:35:02
www.ibm.com
8

0.0004 Low

EPSS

Percentile

12.6%

JSON

Summary

IBM Spectrum Scale could allow an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS.

Vulnerability Details

CVEID: CVE-2018-1783 DESCRIPTION: IBM GPFS command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148806&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Spectrum Scale V5.0.0.0 thru V5.0.1.2

IBM Spectrum Scale V4.2.0.0 thru V4.2.3.10

IBM Spectrum Scale V4.1.1.0 thru V4.1.1.20

Remediation/Fixes

For IBM Spectrum Scale V5.0.0.0 thru V5.0.1.2, apply V5.0.2.0 available from FixCentral at
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.2&platform=All&function=all

For IBM Spectrum Scale V4.2.0.0 thru V4.2.3.10, apply V4.2.3.11 available from FixCentral at
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.2.3&platform=All&function=all

For IBM Spectrum Scale V4.1.0.0 (GPFS) thru V4.1.1.20, apply V4.1.1.21 available from FixCentral at
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.1.1&platform=All&function=all

If you cannot apply the latest level of service, contact IBM Service for an efix:

  • IBM Specrum Scale V5.0.0.0 thru V5.0.1.2, reference APAR IJ08220
  • IBM Spectrum Scale 4.2.0.0 thru 4.2.3.10, reference APAR IJ08214
  • IBM Spectrum Scale 4.1.0.0 thru 4.1.1.20, reference APAR IJ08213

To contact IBM Service, see http://www.ibm.com/planetwide/

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spectrum scaleeqany

Related

ibm 6
prion 1
cvelist 1
cve 1
nvd 1
ibm
ibm
Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1783).
2020-01-09 20:32:53
Security Bulletin: IBM PureApplication System is affected by a GPFS vulnerability (CVE-2018-1783) for Power on Linux
2019-05-31 18:25:01
Security Bulletin: IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1783) for Power on Linux
2019-05-31 10:30:01
prion
prion
Command injection
2018-10-05 13:29:00
cvelist
cvelist
CVE-2018-1783
2018-10-05 13:00:00
cve
cve
CVE-2018-1783
2018-10-05 13:29:09
nvd
nvd
CVE-2018-1783
2018-10-05 13:29:09

0.0004 Low

EPSS

Percentile

12.6%

JSON
Related for 1AA315E6AEB541D6A06347F97194441255E05597B398B9BF48083CB58274C89A
ibm6prion1cvelist1cve1nvd1