Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM201FE6DED34C08EABFF0EF7394CD67D85444AA5DF075AD932245148AD1C76EB7
HistoryDec 11, 2020 - 4:13 p.m.

Security Bulletin: Multiple vulnerabilities affect the IBM Elastic Storage System GUI

2020-12-1116:13:47
www.ibm.com
6

0.001 Low

EPSS

Percentile

32.7%

JSON

Summary

Vulnerabilities exist in all levels of IBM Elastic Storage System GUI. A fix for this vulnerability is available.

Vulnerability Details

CVEID:CVE-2020-4748
**DESCRIPTION:**IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188517 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2020-4749
**DESCRIPTION:**IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188518 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID:CVE-2020-4755
**DESCRIPTION:**IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188595 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

ESS V6.0.0 through 6.0.1.0
ESS V5.3.0 through 5.3.6

Remediation/Fixes

For IBM ESS V6.0.0 through 6.0.1.0, apply V6.0.1.1 or later available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.0.0&platform=All&function=all

For IBM ESS V5.3.0 through 5.3.6, apply V5.3.6.1 or later available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=5.3.0&platform=All&function=all

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm elastic storage servereq6.0

Related

ibm 1
cve 3
prion 3
cvelist 3
nvd 3
ibm
ibm
Security Bulletin: Multiple vulnerabilities affect the IBM Spectrum Scale GUI.
2020-10-19 10:24:03
cve
cve
CVE-2020-4755
2020-10-20 15:15:13
CVE-2020-4749
2020-10-20 15:15:13
CVE-2020-4748
2020-10-20 15:15:13
prion
prion
Cross site scripting
2020-10-20 15:15:00
Cross site scripting
2020-10-20 15:15:00
Authorization
2020-10-20 15:15:00
cvelist
cvelist
CVE-2020-4755
2020-10-19 00:00:00
CVE-2020-4748
2020-10-19 00:00:00
CVE-2020-4749
2020-10-19 00:00:00
nvd
nvd
CVE-2020-4755
2020-10-20 15:15:13
CVE-2020-4748
2020-10-20 15:15:13
CVE-2020-4749
2020-10-20 15:15:13

0.001 Low

EPSS

Percentile

32.7%

JSON
Related for 201FE6DED34C08EABFF0EF7394CD67D85444AA5DF075AD932245148AD1C76EB7
ibm1cve3prion3cvelist3nvd3