Dec 06, 2022 - 3:07 a.m.

Security Bulletin: A vulnerability in IBM Spectrum Scale could allow a local attacker to execute arbitrary commands (CVE-2022-43867)

2022-12-06 03:07:03
www.ibm.com
CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.0004 Low
Percentile: 5.2%

Summary

A security vulnerability has been identified in IBM Spectrum Scale Container Native Access Storage that could allow a local attacker to execute arbitrary commands. A fix for this vulnerability is available.

Vulnerability Details

CVEID: CVE-2022-43867
**DESCRIPTION:** IBM Spectrum Scale could allow a local attacker to execute arbitrary commands in the container.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239437 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
--- | ---
IBM Spectrum Scale Container Native Storage Access | V5.1.0.1 - V5.1.4.1

Remediation/Fixes

For IBM Spectrum Scale Container Native Storage Access V5.1.0.1 - V5.1.4.1, apply 5.1.5.0 or later.

Please follow the IBM Spectrum Scale Container Native instructions for upgrade steps to Spectrum Scale Container Native Storage Access 5.1.5.0: <https://www.ibm.com/docs/en/scalecontainernative>

Note that the non-containerized downloads of Spectrum Scale are available on FixCentral here if you’d like to uplevel the storage cluster to match the Spectrum Scale Container Native 5.1.5.0 level.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibm spectrum_scale Match 5.1.
CPE Name Operator Version
ibm spectrum scale eq 5.1.
