Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF75F7B155738A6B215CA26EC26A780536B8FE9B3819236EAA92A8DB749A0AB38
HistoryMay 31, 2019 - 8:25 p.m.

Security Bulletin: IBM PureApplication System is affected by a GPFS vulnerability (CVE-2018-1723)

2019-05-3120:25:02
www.ibm.com
9

EPSS

0.001

Percentile

20.0%

JSON

Summary

There is a vulnerability in the GPFS component that is used by IBM PureApplication System. IBM has released Version 2.2.5.3 for IBM PureApplication System, in response to CVE-2018-1723. IBM PureApplication System provides a GPFS pattern and addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2018-1723 DESCRIPTION: IBM Spectrum Scale could allow a GPFS command line utility allows an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147373&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM PureApplication System V2.2.3.0
IBM PureApplication System V2.2.3.1
IBM PureApplication System V2.2.3.2
IBM PureApplication System V2.2.4.0
IBM PureApplication System V2.2.5.0
IBM PureApplication System V2.2.5.1
IBM PureApplication System V2.2.5.2
IBM PureApplication System V2.2.5.3

Remediation/Fixes

IBM PureApplication System has a dependency on IBM DB2 Server Enterprise Edition V10.5.
See the following security bulletin for vulnerability details and information about fixes addressed by IBM DB2 Server Enterprise Edition V10.5, which is shipped with IBM PureApplication System:
Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1723)

For pLinux:

Upgrade IBM PureApplication System to the following fix pack release:

- IBM PureApplication V2.2.6.0

For Intel:

Upgrade IBM PureApplication System to the following fix pack release:

- IBM PureApplication V2.2.5.3

For AIX:

Upgrade IBM PureApplication System to the following fix pack release:

- IBM PureApplication V2.2.5.3

Information on upgrading can be found here: <http://www-01.ibm.com/support/docview.wss?uid=swg27039159&gt;

Workarounds and Mitigations

None

Related

ibm 8
prion 1
cvelist 1
nvd 1
cve 1
ibm
ibm
Security Bulletin: IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1723) for Power on Linux
2019-05-31 10:30:01
Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by a vulnerability which could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node (CVE-2018-1723)
2018-11-26 16:45:01
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow a unprivileged, auntheticated user to read aribiratry file on node
2018-10-04 07:05:01
prion
prion
Code injection
2018-10-05 13:29:00
cvelist
cvelist
CVE-2018-1723
2018-10-05 13:00:00
nvd
nvd
CVE-2018-1723
2018-10-05 13:29:09
cve
cve
CVE-2018-1723
2018-10-05 13:29:09

EPSS

0.001

Percentile

20.0%

JSON
Related for F75F7B155738A6B215CA26EC26A780536B8FE9B3819236EAA92A8DB749A0AB38
ibm8prion1cvelist1nvd1cve1