7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.2%
A security vulnerability has been identified in IBM Spectrum Scale Container Native Access Storage that could allow a local attacker to execute arbitrary commands. A fix for this vulnerability is available.
CVEID:CVE-2022-43867
**DESCRIPTION:**IBM Spectrum Scale could allow a local attacker to execute arbitrary commands in the container.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239437 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Scale Container Native Storage Access | V5.1.0.1 - V5.1.4.1 |
For IBM Spectrum Scale Container Native Storage Access V5.1.0.1 - V5.1.4.1, apply 5.1.5.0 or later.
Please follow the IBM Spectrum Scale Container Native instructions for upgrade steps to Spectrum Scale Container Native Storage Access 5.1.5.0: <https://www.ibm.com/docs/en/scalecontainernative>
Note that the non-containerized downloads of Spectrum Scale are available on FixCentral here if you’d like to uplevel the storage cluster to match the Spectrum Scale Container Native 5.1.5.0 level.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum scale | eq | 5.1. |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.2%