4

CVE-2017-1654

IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmSpectrum Scale Version >= 4.1.1.0 <= 4.1.1.18
IbmSpectrum Scale Version >= 4.2.0.0 <= 4.2.0.4
IbmSpectrum Scale Version >= 4.2.1.0 <= 4.2.1.2
IbmSpectrum Scale Version >= 4.2.2.0 <= 4.2.2.3
IbmSpectrum Scale Version >= 4.2.3.0 <= 4.2.3.6
IbmSpectrum Scale Version5.0.0.0
IbmGeneral Parallel File System Version4.1.0.0
IbmGeneral Parallel File System Version4.1.0.1
IbmGeneral Parallel File System Version4.1.0.2
IbmGeneral Parallel File System Version4.1.0.3
IbmGeneral Parallel File System Version4.1.0.4
IbmGeneral Parallel File System Version4.1.0.5
IbmGeneral Parallel File System Version4.1.0.6
IbmGeneral Parallel File System Version4.1.0.7
IbmGeneral Parallel File System Version4.1.0.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.303
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
psirt@us.ibm.com 4 2.5 1.4
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.ibm.com/support/docview.wss?uid=ssg1S1010869
Patch
Vendor Advisory
http://www.securitytracker.com/id/1040747
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/133378
Vendor Advisory
VDB Entry