Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC3E4C35B459F5F35D283365041B87205FAA9FA6D58863E58EDAD4A56580804BD
HistoryAug 01, 2018 - 9:11 p.m.

Security Bulletin: IBM Spectrum Scale is affected by a security vulnerability (CVE-2015-7488)

2018-08-0121:11:12
www.ibm.com
6

0.002 Low

EPSS

Percentile

59.7%

JSON

Summary

A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1 thru 4.1.1.3 and V4.2.0.0 that could allow a local, unprivileged user or a user with network access to the IBM Spectrum Scale cluster, access to the LDAP directory bind user password when File protocol is deployed with LDAP / LDAP with Kerberos based authentication.

Vulnerability Details

CVEID: CVE-2015-7488 DESCRIPTION: IBM Spectrum Scale could allow a local, unprivileged user or a user with network access to the IBM Spectrum Scale cluster_, _ access to the_ _LDAP directory bind user password when File protocol is deployed with LDAP / LDAP with Kerberos based authentication.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108784 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

IBM Spectrum Scale V4.1.1 thru 4.1.1.3 and V4.2

Remediation/Fixes

The following fixes will need to be applied to all nodes in the cluster regardless of whether they are configured as protocol nodes or not.

For IBM Spectrum Scale V4.1.1.0 thru 4.1.1.3, apply 4.1.1.4 available at http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.1.1&platform=All&function=all

For IBM Spectrum Scale V4.2, apply 4.2.0.1 available at
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=All&platform=All&function=all

After all nodes have either been upgraded to 4.1.1.4 or 4.2.0.1, run the following commands:

  • mmchconfig release=LATEST

mmlsconfig minReleaseLevel

Verify the reported value of minReleaseLevel is 4.1.1.4 or higher. The value should be 4.2.0.1 if all nodes in the cluster are running with version 4.2.0.1 .

Workarounds and Mitigations

None

Related

ibm 4
nvd 1
prion 1
cvelist 1
cve 1
ibm
ibm
Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7488)
2018-06-15 07:05:37
Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2015-7488)
2021-03-08 18:46:29
Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2015-7488)
2021-03-08 18:46:02
nvd
nvd
CVE-2015-7488
2016-01-27 05:59:02
prion
prion
Design/Logic Flaw
2016-01-27 05:59:00
cvelist
cvelist
CVE-2015-7488
2016-01-27 02:00:00
cve
cve
CVE-2015-7488
2016-01-27 05:59:02

0.002 Low

EPSS

Percentile

59.7%

JSON
Related for C3E4C35B459F5F35D283365041B87205FAA9FA6D58863E58EDAD4A56580804BD
ibm4nvd1prion1cvelist1cve1