Lucene search

K
ibmIBMB5AB0DB0D8964FBC96BFDD4E44B3F1751FCBF304386441B460672E7E8C6272F5
HistoryApr 19, 2019 - 1:35 p.m.

Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-1901)

2019-04-1913:35:01
www.ibm.com
6

0.002 Low

EPSS

Percentile

58.8%

Summary

There is a vulnerability in IBM WebSphere Application Server, used by IBM Spectrum Scale. This issue allow a remote attacker to temporarily gain elevated privileges on the system.

Vulnerability Details

CVEID: CVE-2018-1901 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152530&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

The Elastic Storage Server 5.3 thru 5.3.2.1
The Elastic Storage Server 5.0.0 thru 5.2.5
The Elastic Storage Server 4.5.0 thru 4.6.0
The Elastic Storage Server 4.0.0 thru 4.0.6

Remediation/Fixes

For IBM Elastic Storage Server V5.0.0. thru 5.3.2.1, apply V5.3.3.0 available from FixCentral at:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=5.3.0&platform=All&function=all

For IBM Elastic Storage Server V5.0.0. thru 5.2.5.0, apply V5.2.6 available from FixCentral at:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=5.2.0&platform=All&function=all

If you are unable to upgrade to ESS 5.3.3.0 or 5.2.6, please contact IBM Service to obtain an efix:

- For IBM Elastic Storage Server 5.3.0.0-5.3.1.1, reference APAR IJ13422
- For IBM Elastic Storage Server 5.0.0- 5.2.4.0, reference APAR IJ10573
- For IBM Elastic Storage Server 4.0.0 - 4.6.0, reference APAR IJ13398

To contact IBM Service, see <http://www.ibm.com/planetwide/&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm elastic storage servereqany

0.002 Low

EPSS

Percentile

58.8%

Related for B5AB0DB0D8964FBC96BFDD4E44B3F1751FCBF304386441B460672E7E8C6272F5