
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale which could allow unauthorized access to user data or injection of arbitrary data in the communication protocol (CVE-2020-4927)

2023-03-10 20:51:07
www.ibm.com

CVSS3: 8.2 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS: 0.001 Low
Percentile: 44.6%

Summary

A security vulnerability has been identified in all levels of IBM Spectrum Scale which could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. This vulnerability only affects Spectrum Scale clusters that host file systems. Clusters that only mount file systems owned by other Scale clusters are not impacted. A fix for this vulnerability is available.

Vulnerability Details

**CVEID:** CVE-2020-4927
**DESCRIPTION:** A vulnerability in the Spectrum Scale core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191695 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Spectrum Scale | 5.0.5.0 - 5.1.6.1 |

Remediation/Fixes

For IBM Spectrum Scale levels V5.1.6.1 and lower, apply V5.1.7.0 or later available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.7&platform=All&function=all

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm spectrum_scale, match 5.1.

| CPE Name | Operator | Version |
| --- | --- | --- |
| ibm spectrum scale | eq | 5.1. |
