Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB455C9B629D475E86F18C4B8A83946E2521E0D97883F93855D4603E788A9DF0D
HistoryOct 19, 2020 - 10:24 a.m.

Security Bulletin: Multiple vulnerabilities affect the IBM Spectrum Scale GUI.

2020-10-1910:24:03
www.ibm.com
8

0.001 Low

EPSS

Percentile

32.7%

JSON

Summary

Vulnerabilities exist in all levels of IBM Spectrum Scale GUI. A fix for this vulnerability is available.

Vulnerability Details

CVEID:CVE-2020-4749
**DESCRIPTION:**IBM Spectrum Scale does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188518 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID:CVE-2020-4755
**DESCRIPTION:**IBM Spectrum Scale is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188595 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2020-4748
**DESCRIPTION:**IBM Spectrum Scale is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188517 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Spectrum Scale 5.0.0 - 5.0.5.2

Remediation/Fixes

IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Spectrum Scale to the following code levels or higher:

V5.0.5.3

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all

For unsupported versions of the product, IBM recommends upgrading to a fixed, supported version of code.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spectrum scaleeq5.0

Related

ibm 1
cve 3
prion 3
cvelist 3
nvd 3
ibm
ibm
Security Bulletin: Multiple vulnerabilities affect the IBM Elastic Storage System GUI
2020-12-11 16:13:47
cve
cve
CVE-2020-4755
2020-10-20 15:15:13
CVE-2020-4749
2020-10-20 15:15:13
CVE-2020-4748
2020-10-20 15:15:13
prion
prion
Cross site scripting
2020-10-20 15:15:00
Cross site scripting
2020-10-20 15:15:00
Authorization
2020-10-20 15:15:00
cvelist
cvelist
CVE-2020-4755
2020-10-19 00:00:00
CVE-2020-4748
2020-10-19 00:00:00
CVE-2020-4749
2020-10-19 00:00:00
nvd
nvd
CVE-2020-4755
2020-10-20 15:15:13
CVE-2020-4748
2020-10-20 15:15:13
CVE-2020-4749
2020-10-20 15:15:13

0.001 Low

EPSS

Percentile

32.7%

JSON
Related for B455C9B629D475E86F18C4B8A83946E2521E0D97883F93855D4603E788A9DF0D
ibm1cve3prion3cvelist3nvd3