IBM8D5C5523E2C39CEBEC1F0782D4034867A864F851026F88B78A3761F7118BD3AESecurity Bulletin: IBM Elastic Storage System is affected by a vulnerability in IBM Spectrum Scale (CVE-2023-30434)
6.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
5.1%
Summary
IBM Elastic Storage Systems are affected by a vulnerability in IBM Spectrum Scale that could allow a local user to cause the kernel to panic. A fix for this vulnerability is available.
Vulnerability Details
CVEID:CVE-2023-30434
**DESCRIPTION:**IBM Storage Scale could allow a local user to cause a kernel panic.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252187 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Elastic Storage System | 6.1.0.0 - 6.1.2.5 |
| IBM Elastic Storage System | 6.1.3.0 - 6.1.6.0 |
Remediation/Fixes
IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000, 3200, 3500 and 5000 to the following code levels or higher:
If running ESS 6.1.0.0 through 6.1.2.5, upgrade to V6.1.2.6 or higher
If running ESS 6.1.3.0 through 6.1.6.0, upgrade to V6.1.6.1 or higher
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm elastic storage system | eq | 6.1. |
Related
6.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
5.1%