8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
There is a vulnerability in IBM WebSphere Application Server, used by IBM Spectrum Scale. This issue allow a remote attacker to temporarily gain elevated privileges on the system.
IBM WebSphere Application Server is used to provide graphical user interface for managing Spectrum Scale. The command line interface (CLI) interface is unaffected by this issue.
CVEID: CVE-2018-1901 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152530> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
IBM Spectrum Scale V5.0.0.0 thru V5.0.2.2
IBM Spectrum Scale V4.2.0.0 thru V4.2.3.12
For IBM Spectrum Scale V5.0.0.0 thru 5.0.2.2, apply V5.0.2.3 available from FixCentral at:
For IBM Spectrum Scale V4.2.0.0 thru V4.2.3.12, apply V4.2.3.13 available from FixCentral at:
If you cannot apply the latest level of service, contact IBM Service for an efix
- For IBM Spectrum Scale V5.0.0-5.0.2.2, reference IJ13422
- For IBM Spectrum Scale V4.2.0.0-4.2.3.12, reference IJ13398
To contact IBM Service, see http://www.ibm.com/planetwide/
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum scale | eq | 4.2.3 | |
ibm spectrum scale | eq | 5.0.0 |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P