Lucene search

K
ibmIBMB5AB0DB0D8964FBC96BFDD4E44B3F1751FCBF304386441B460672E7E8C6272F5
HistoryApr 19, 2019 - 1:35 p.m.

Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-1901)

2019-04-1913:35:01
www.ibm.com
5

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.7%

Summary

There is a vulnerability in IBM WebSphere Application Server, used by IBM Spectrum Scale. This issue allow a remote attacker to temporarily gain elevated privileges on the system.

Vulnerability Details

CVEID: CVE-2018-1901 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152530&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

The Elastic Storage Server 5.3 thru 5.3.2.1
The Elastic Storage Server 5.0.0 thru 5.2.5
The Elastic Storage Server 4.5.0 thru 4.6.0
The Elastic Storage Server 4.0.0 thru 4.0.6

Remediation/Fixes

For IBM Elastic Storage Server V5.0.0. thru 5.3.2.1, apply V5.3.3.0 available from FixCentral at:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=5.3.0&platform=All&function=all

For IBM Elastic Storage Server V5.0.0. thru 5.2.5.0, apply V5.2.6 available from FixCentral at:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=5.2.0&platform=All&function=all

If you are unable to upgrade to ESS 5.3.3.0 or 5.2.6, please contact IBM Service to obtain an efix:

- For IBM Elastic Storage Server 5.3.0.0-5.3.1.1, reference APAR IJ13422
- For IBM Elastic Storage Server 5.0.0- 5.2.4.0, reference APAR IJ10573
- For IBM Elastic Storage Server 4.0.0 - 4.6.0, reference APAR IJ13398

To contact IBM Service, see <http://www.ibm.com/planetwide/&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm elastic storage servereqany

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.7%

Related for B5AB0DB0D8964FBC96BFDD4E44B3F1751FCBF304386441B460672E7E8C6272F5