IBM61B0FDA7E3A00770C346477CF31CBEBDE0AEAC1E60610982B97DBCA95928015FSecurity Bulletin: Security vulnerability has been identified in IBM Spectrum Scale which is used by IBM PureApplication Systems/Service (CVE-2017-1654)
0.001 Low
EPSS
Percentile
20.3%
Summary
A security vulnerability has been identified in IBM Spectrum Scale that could allow a local user access to other users data in dump files.
Vulnerability Details
CVEID: CVE-2017-1654**
DESCRIPTION:** IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133378 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
Affected Products and Versions
IBM PureApplication System V2.1.0.0
IBM PureApplication System V2.1.0.1
IBM PureApplication System V2.1.0.2
IBM PureApplication System V2.1.0.0
IBM PureApplication System V2.1.1.0
IBM PureApplication System V2.1.2.0
IBM PureApplication System V2.1.2.1
IBM PureApplication System V2.1.2.2
IBM PureApplication System V2.1.2.3
IBM PureApplication System V2.1.2.4
IBM PureApplication System V2.2.0.0
IBM PureApplication System V2.2.1.0
IBM PureApplication System V2.2.2.0
IBM PureApplication System V2.2.2.1
IBM PureApplication System V2.2.2.2
IBM PureApplication System V2.2.3.0
IBM PureApplication System V2.2.3.1
IBM PureApplication System V2.2.3.2
IBM PureApplication System V2.2.4.0
Remediation/Fixes
The solution is to upgrade the IBM PureApplication System to the following fix level:
IBM PureApplication V2.2.0.0, V2.2.1.0, V2.2.2.0, V2.2.2.1, V2.2.2.2, V2.2.3.0, V2.2.3.1, V2.2.3.2, V2.2.4.0
- Upgrade to IBM PureApplication V2.2.5.0. Contact IBM for assistance.
IBM PureApplication System V2.1.0.0, V2.1.0.1, V2.1.0.2, V2.1.0.0, V2.1.1.0, V2.1.2.0, V2.1.2.1, V2.1.2.2, V2.1.2.3, V2.1.2.4:
- Upgrade to IBM PureApplication System V2.2.5.0. Contact IBM for assistance
** For 2.1 and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
PureApplication Software:
Linux:
http://www.ibm.com/support/fixcentral/swg/quickorder?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.2.5.0&platform=All&function=fixId&fixids=pureappsw_content_2250&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc
Information on upgrading can be found here: <http://www-01.ibm.com/support/docview.wss?uid=swg27039159>
Workarounds and Mitigations
None
Related
0.001 Low
EPSS
Percentile
20.3%