Aug 28, 2020 - 5:58 p.m.

Security Bulletin: A vulnerability has been identified in Spectrum Scale packaged in Elastic Storage Server where an unprivileged user can cause a denial of service (CVE-2020-4412)

2020-08-28 17:58:22
www.ibm.com

EPSS: 0.001 (Low), Percentile: 34.3%

Summary

The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale where an unprivileged user can cause a denial of service. A fix for this vulnerability is available.

Vulnerability Details

CVEID: CVE-2020-4412
**DESCRIPTION:** The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179987 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

The Elastic Storage Server 5.3.0 through 5.3.5
The Elastic Storage Server 5.0.0 through 5.2.9
The Elastic Storage Server 4.5.0 through 4.6.0.0
The Elastic Storage Server 4.0.0 through 4.0.6.0

Remediation/Fixes

For IBM Elastic Storage Server V5.3.0 through V5.3.5, apply V5.3.6 available from FixCentral at:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=5.3.0&platform=All&function=all

For IBM Elastic Storage Server V5.0.0 through V5.2.9, apply V5.2.10 available from FixCentral at:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=5.2.0&platform=All&function=all

Workarounds and Mitigations

None

CPE Name | Operator | Version
ibm elastic storage server | eq | 5.3
