Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF70F0658F6B29A3F415B2CFAF768B5A8539CBF850907EAB744EB67F242B86B33
HistoryAug 26, 2020 - 2:47 p.m.

Security Bulletin: Openstack Keystone vulnerabilities affects IBM Spectrum Scale (CVE-2020-12689)

2020-08-2614:47:51
www.ibm.com
7

0.011 Low

EPSS

Percentile

84.3%

JSON

Summary

IBM Spectrum Scale, shipped with Openstack keystone, is exposed to vulnerabilities as detailed below.

Vulnerability Details

CVEID:CVE-2020-12689
**DESCRIPTION:**OpenStack Keystone could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper permission validation. By creating an EC2 credential, an authenticated attacker could exploit this vulnerability to gain elevated privileges as admin.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181609 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-12692
**DESCRIPTION:**OpenStack Keystone could allow a remote attacker to bypass security restrictions, caused by improper signature TTL validation for AWS Signature V4. By sniffing the Authorization header, an attacker could exploit this vulnerability to reissue an OpenStack token an unlimited number of times.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181612 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)

CVEID:CVE-2020-12691
**DESCRIPTION:**OpenStack Keystone could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper permission validation. By creating an EC2 credential, an authenticated attacker could exploit this vulnerability to gain elevated privileges as admin.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181611 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-12690
**DESCRIPTION:**OpenStack Keystone could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an issue with the provided keystone token having more role assignments than the creator intended. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges .
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181610 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Spectrum Scale 5.0.0 - 5.0.5

Remediation/Fixes

For IBM Spectrum Scale V5.0.0.0 through 5.0.5, apply V5.0.5.1 available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spectrum scaleeq5.0

Related

osv 11
openvas 2
nessus 5
redhat 4
ubuntu 1
ubuntucve 4
cve 4
redhatcve 4
debiancve 4
veracode 4
github 4
prion 4
cvelist 4
nvd 4
ibm 1
osv
osv
keystone - security update
2020-05-06 00:00:00
CVE-2020-12689
2020-05-07 00:15:10
PYSEC-2020-54
2020-05-07 00:15:00
openvas
openvas
Ubuntu: Security Advisory (USN-4480-1)
2020-09-02 00:00:00
Debian: Security Advisory (DSA-4679-1)
2020-05-08 00:00:00
nessus
nessus
Ubuntu 18.04 LTS : OpenStack Keystone vulnerabilities (USN-4480-1)
2020-09-02 00:00:00
RHEL 8 : openstack-keystone (RHSA-2020:3102)
2020-07-22 00:00:00
RHEL 8 : openstack-keystone (RHSA-2020:3105)
2020-07-22 00:00:00
redhat
redhat
(RHSA-2020:3105) Important: openstack-keystone security update
2020-07-22 12:28:32
(RHSA-2020:3102) Important: openstack-keystone security update
2020-07-22 12:24:32
(RHSA-2020:2732) Important: openstack-keystone security update
2020-06-24 12:25:05
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2020-09-01 00:00:00
ubuntucve
ubuntucve
CVE-2020-12691
2020-05-07 00:00:00
CVE-2020-12689
2020-05-07 00:00:00
CVE-2020-12690
2020-05-07 00:00:00
cve
cve
CVE-2020-12690
2020-05-07 00:15:10
CVE-2020-12689
2020-05-07 00:15:10
CVE-2020-12691
2020-05-07 00:15:10
redhatcve
redhatcve
CVE-2020-12690
2020-05-07 19:39:54
CVE-2020-12689
2020-05-07 19:39:53
CVE-2020-12691
2020-05-07 19:40:01
debiancve
debiancve
CVE-2020-12690
2020-05-07 00:15:10
CVE-2020-12692
2020-05-07 00:15:10
CVE-2020-12689
2020-05-07 00:15:10
veracode
veracode
Privilege Escalation
2020-06-24 05:07:48
Privilege Escalation
2020-05-08 05:49:25
Man-in-the-Middle (MitM)
2020-05-08 05:36:35
github
github
OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context
2022-05-24 17:17:22
Insufficient Session Expiration in OpenStack Keystone
2021-06-09 17:34:09
OpenStack Keystone does not check signature TTL of the EC2 credential auth method
2022-05-24 17:17:23
prion
prion
Design/Logic Flaw
2020-05-07 00:15:00
Code injection
2020-05-07 00:15:00
Authorization
2020-05-07 00:15:00
cvelist
cvelist
CVE-2020-12690
2020-05-06 23:43:10
CVE-2020-12691
2020-05-06 23:43:01
CVE-2020-12689
2020-05-06 23:43:20
nvd
nvd
CVE-2020-12689
2020-05-07 00:15:10
CVE-2020-12692
2020-05-07 00:15:10
CVE-2020-12690
2020-05-07 00:15:10
ibm
ibm
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities
2024-05-21 09:37:09

0.011 Low

EPSS

Percentile

84.3%

JSON
Related for F70F0658F6B29A3F415B2CFAF768B5A8539CBF850907EAB744EB67F242B86B33
osv11openvas2nessus5redhat4ubuntu1ubuntucve4cve4redhatcve4debiancve4veracode4github4prion4cvelist4nvd4ibm1