Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC5F298A8D3BEE7887EDBF2E99B9AF7A64DA6645CDDEE2E7872E79E3BFA28F65A
HistoryOct 04, 2018 - 7:05 a.m.

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow a unprivileged, auntheticated user to read aribiratry file on node

2018-10-0407:05:01
www.ibm.com
5

0.001 Low

EPSS

Percentile

20.0%

JSON

Summary

IBM Spectrum Scale could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node.

Vulnerability Details

CVEID: CVE-2018-1723 DESCRIPTION: IBM Spectrum Scale could allow a GPFS command line utility allows an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147373&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Spectrum Scale V5.0.0 thru V5.0.1.2

IBM Spectrum Scale V4.2.0.0 thru V4.2.3.10

IBM Spectrum Scale V4.1.1.0 thru V4.1.1.20

Remediation/Fixes

For IBM Spectrum Scale V5.0.0.0 thru V5.0.1.2, apply V5.0.2.0 available from FixCentral at
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.2&platform=All&function=all

For IBM Spectrum Scale V4.2.0.0 thru V4.2.3.10, apply V4.2.3.11 available from FixCentral at
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.2.3&platform=All&function=all

For IBM Spectrum Scale V4.1.0.0 (GPFS) thru V4.1.1.20, apply V4.1.1.21 available from FixCentral at
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.1.1&platform=All&function=all

If you cannot apply the latest level of service, contact IBM Service for an efix:

  • IBM Specrum Scale 5.0.0.0 thru V5.0.1.2, reference APAR IJ08237
  • IBM Spectrum Scale 4.2.0.0 thru 4.2.3.10, reference APAR IJ08232
  • IBM Spectrum Scale 4.1.0.0 thru 4.1.1.20, reference APAR IJ08224

To contact IBM Service, see http://www.ibm.com/planetwide/

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spectrum scaleeqany

Related

ibm 8
prion 1
cvelist 1
nvd 1
cve 1
ibm
ibm
Security Bulletin: IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1723)
2019-04-15 11:40:01
Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1723).
2018-11-27 19:45:01
Security Bulletin: IBM PureApplication System is affected by a GPFS vulnerability (CVE-2018-1723) for Power on Linux
2019-05-31 10:40:02
prion
prion
Code injection
2018-10-05 13:29:00
cvelist
cvelist
CVE-2018-1723
2018-10-04 00:00:00
nvd
nvd
CVE-2018-1723
2018-10-05 13:29:09
cve
cve
CVE-2018-1723
2018-10-05 13:29:09

0.001 Low

EPSS

Percentile

20.0%

JSON
Related for C5F298A8D3BEE7887EDBF2E99B9AF7A64DA6645CDDEE2E7872E79E3BFA28F65A
ibm8prion1cvelist1nvd1cve1