CVE-2018-1431

EUVD-2018-12010
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 HIGH
LOCAL
HIGH
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
ibmCNA
7.4 HIGH
LOCAL
HIGH
NONE
CVSS:3.0/A:H/AC:H/AV:L/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
ibmgeneral_parallel_file_system
4.1.0.0 ≤
𝑥
≤ 4.1.0.8
ibmspectrum_scale
4.1.1.0 ≤
𝑥
≤ 4.1.1.19
ibmspectrum_scale
4.2.0.0 ≤
𝑥
≤ 4.2.0.4
ibmspectrum_scale
4.2.1.0 ≤
𝑥
≤ 4.2.1.2
ibmspectrum_scale
4.2.2.0 ≤
𝑥
≤ 4.2.2.3
ibmspectrum_scale
4.2.3.0 ≤
𝑥
≤ 4.2.3.8
ibmspectrum_scale
5.0.0.0 ≤
𝑥
≤ 5.0.0.2
𝑥
= Vulnerable software versions
References
http://www.ibm.com/support/docview.wss?uid=ssg1S1012049
http://www.securityfocus.com/bid/105546
https://exchange.xforce.ibmcloud.com/vulnerabilities/139240
http://www.ibm.com/support/docview.wss?uid=ssg1S1012049
http://www.securityfocus.com/bid/105546
https://exchange.xforce.ibmcloud.com/vulnerabilities/139240