5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
Multiple samba vulnerabilities affect IBM Spectrum Scale SMB protocol access method that could cause denial of service. A fix for these vulnerabilities is available.
CVEID:CVE-2020-14318
**DESCRIPTION:**Samba could allow a remote authenticated attacker to obtain sensitive information, caused by a missing permissions check on a directory handle requesting ChangeNotify. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain file name information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191029 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2020-14323
**DESCRIPTION:**Samba is vulnerable to a denial of service, caused by a NULL pointer dereference in the Winbind service. By sending a specially-crafted packet, a local authenticated attacker could exploit this vulnerability to crash the winbind service.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190934 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Scale | 5.0.0 - 5.0.5.4 |
IBM Spectrum Scale | 5.1.0 |
For IBM Spectrum Scale V5.0.0 through V5.0.5.4, apply V5.0.5.5 available from FixCentral at
For IBM Spectrum Scale V5.1.0, apply V5.1.0.1 available from FixCentral at
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum scale | eq | 5.1 |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N