Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM3D4EA4877C29E7669F397B8B54D73F61D9CDCD3A07AFAFF80DAD98250F4998F4
HistoryNov 26, 2018 - 4:45 p.m.

Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by a vulnerability which could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node (CVE-2018-1723)

2018-11-2616:45:01
www.ibm.com
5

0.001 Low

EPSS

Percentile

20.0%

JSON

Summary

The Elastic Storage Server are affected by a vulnerability in IBM Spectrum Scale could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node (CVE-2018-1723).

Vulnerability Details

CVEID: CVE-2018-1723 DESCRIPTION: IBM Spectrum Scale could allow a GPFS command line utility allows an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147373&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

The Elastic Storage Server 5.3 thru 5.3.1.1
The Elastic Storage Server 5.0.0 thru 5.2.3
The Elastic Storage Server 4.5.0 thru 4.6.0
The Elastic Storage Server 4.0.0 thru 4.0.6

The Elastic Storage Server 3.5.0 thru 3.5.6
The Elastic Storage Server 3.0.0 thru 3.0.5
The Elastic Storage Server 2.5.0 thru 2.5.5

Remediation/Fixes

For IBM Elastic Storage Server V5.0.0. thru 5.3.1.1, apply V5.3.2 available from FixCentral at:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=5.3.0&platform=Linux+64-bit,pSeries&function=all

For IBM Elastic Storage Server V5.0.0. thru 5.2.3, apply V5.2.4 available from FixCentral at:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=5.2.0&platform=Linux+64-bit,pSeries&function=all

Notes:
If you are unable to upgrade to ESS 5.3.2 or 5.2.4, please contact IBM Service to obtain an efix:

- For IBM Elastic Storage Server 5.3 - 5.3.1.1, reference APAR IJ08237
- For IBM Elastic Storage Server 5.0 - 5.2.3, reference APAR IJ08232
- For IBM Elastic Storage Server 4.0.0 - 4.6.0, reference APAR IIJ08232

-For IBM Elastic Storage Server 2.5.0 thru 3.5.6, reference APAR IJ08224

To contact IBM Service, see http://www.ibm.com/planetwide/

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm elastic storage servereqany

Related

ibm 8
prion 1
cvelist 1
nvd 1
cve 1
ibm
ibm
Security Bulletin: IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1723)
2019-04-15 11:40:01
Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1723).
2018-11-27 19:45:01
Security Bulletin: IBM PureApplication System is affected by a GPFS vulnerability (CVE-2018-1723) for Power on Linux
2019-05-31 10:40:02
prion
prion
Code injection
2018-10-05 13:29:00
cvelist
cvelist
CVE-2018-1723
2018-10-04 00:00:00
nvd
nvd
CVE-2018-1723
2018-10-05 13:29:09
cve
cve
CVE-2018-1723
2018-10-05 13:29:09

0.001 Low

EPSS

Percentile

20.0%

JSON
Related for 3D4EA4877C29E7669F397B8B54D73F61D9CDCD3A07AFAFF80DAD98250F4998F4
ibm8prion1cvelist1nvd1cve1