CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS
Percentile
9.0%
A security vulnerability has been identified in IBM Spectrum Scale Container Native that could allow access to confidential information on the host. A fix for this vulnerability is available.
CVEID:CVE-2022-41739
**DESCRIPTION:**IBM Spectrum Scale could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host.
CVSS Base score: 7.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237815 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N)
Affected Product(s) | Version(s) |
---|
IBM Spectrum Scale Container Native Storage Access
| 5.1.2.1 - 5.1.6.0
For this specific issue, upgrade to IBM Spectrum Scale container native v5.1.7.0 or later and OpenShift Container Platform 4.11, or higher.
For IBM Spectrum Scale container native, see the supported upgrade paths and follow the version specific steps to upgrade to the target version. <https://www.ibm.com/docs/en/scalecontainernative>.
Note:
If you have some trouble upgrading to the specified level, contact IBM Service.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | spectrum_scale | 5.1. | cpe:2.3:a:ibm:spectrum_scale:5.1.:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS
Percentile
9.0%