8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.7%
There is a vulnerability in IBM WebSphere Application Server, used by IBM Spectrum Scale. This issue allow a remote attacker to temporarily gain elevated privileges on the system.
CVEID: CVE-2018-1901 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152530> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
The Elastic Storage Server 5.3 thru 5.3.2.1
The Elastic Storage Server 5.0.0 thru 5.2.5
The Elastic Storage Server 4.5.0 thru 4.6.0
The Elastic Storage Server 4.0.0 thru 4.0.6
For IBM Elastic Storage Server V5.0.0. thru 5.3.2.1, apply V5.3.3.0 available from FixCentral at:
For IBM Elastic Storage Server V5.0.0. thru 5.2.5.0, apply V5.2.6 available from FixCentral at:
If you are unable to upgrade to ESS 5.3.3.0 or 5.2.6, please contact IBM Service to obtain an efix:
- For IBM Elastic Storage Server 5.3.0.0-5.3.1.1, reference APAR IJ13422
- For IBM Elastic Storage Server 5.0.0- 5.2.4.0, reference APAR IJ10573
- For IBM Elastic Storage Server 4.0.0 - 4.6.0, reference APAR IJ13398
To contact IBM Service, see <http://www.ibm.com/planetwide/>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm elastic storage server | eq | any |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.7%