A security vulnerability has been identified in all levels of IBM Elastic Storage System that could allow an attacker to execute arbitrary code in the IBM Spectrum Scale file system. A fix for this vulnerability is available.
CVEID: CVE-2021-29740
**DESCRIPTION:** IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201474 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Elastic Storage System | 6.1.0 - 6.1.0.1 |
IBM Elastic Storage System | 6.0.0 - 6.0.2.0 |
IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000 and 5000 to the following code levels or higher:
V6.1.1.0 or later
V6.0.2.1 or later
Workarounds and Mitigations: None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm elastic storage server | eq | 6.0 |
| | ibm elastic storage server | eq | 6.1 |
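A version triage check built from the affected ranges and fixed levels stated in this bulletin, as an added example that is not IBM's code. The host names and inventory layout are constructed, and because the bulletin gives no fixed level for IBM Spectrum Scale itself, those entries are only ever reported as affected or unlisted.

```python
from typing import NamedTuple, Optional

def parse(version: str) -> tuple:
    """'V6.1.0' -> (6, 1, 0, 0); pads so 6.1.0 and 6.1.0.0 compare equal."""
    parts = version.strip().lstrip("Vv").split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple([int(p) for p in parts] + [0] * (4 - len(parts)))

class Stream(NamedTuple):
    low: tuple              # first affected level in the bulletin
    high: tuple             # last affected level in the bulletin
    fixed: Optional[tuple]  # fixed level, None where the bulletin gives none

# Ranges copied from the bulletin text and tables.
ADVISORY = {
    "IBM Elastic Storage System": [
        Stream(parse("6.0.0"), parse("6.0.2.0"), parse("6.0.2.1")),
        Stream(parse("6.1.0"), parse("6.1.0.1"), parse("6.1.1.0")),
    ],
    "IBM Spectrum Scale": [
        Stream(parse("5.0.0"), parse("5.0.5.6"), None),
        Stream(parse("5.1.0"), parse("5.1.0.3"), None),
    ],
}

def classify(product: str, version: str) -> str:
    """Return 'affected', 'fixed', or 'unlisted' (bulletin makes no statement)."""
    v = parse(version)
    for s in ADVISORY.get(product, []):
        if s.low <= v <= s.high:
            return "affected"
        # Count a level as fixed only inside the same major.minor stream.
        if s.fixed and v[:2] == s.fixed[:2] and v >= s.fixed:
            return "fixed"
    return "unlisted"

# Constructed inventory: (host, product, installed level).
INVENTORY = [
    ("ess-io-01", "IBM Elastic Storage System", "6.1.0.1"),
    ("ess-io-02", "IBM Elastic Storage System", "V6.0.2.1"),
    ("ess-io-03", "IBM Elastic Storage System", "6.1.0.2"),
    ("gpfs-nsd-01", "IBM Spectrum Scale", "5.0.5.6"),
]

if __name__ == "__main__":
    for host, product, level in INVENTORY:
        print(f"{host:12} {product:28} {level:9} {classify(product, level)}")
```

A result of `unlisted` means the level falls outside every range the bulletin names, so it needs a manual check rather than being treated as safe.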