Description
A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.
CVSS breakdown
CVSS 3.0
Privileges Required
None
Attack Complexity
High
Availability
High
Integrity
High
Scope
Unchanged
Confidentiality
High
User Interaction
None
Attack Vector
Network
RL
O
E
Unchanged
RC
Changed
Affected products
- ibm / Spectrum Scale4.2.0.0 – 4.2.0.0
- ibm / Spectrum Scale5.0.0.0 – 5.0.0.0
- ibm / Spectrum Scale4.2.3.17 – 4.2.3.17
- ibm / Spectrum Scale5.0.3.2 – 5.0.3.2