CVE-2018-1723 - OpenCVE

IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Spectrum Scale

Configuration 1 [-]

OR	cpe:2.3:a:ibm:spectrum_scale::::::::
	cpe:2.3:a:ibm:spectrum_scale::::::::
	cpe:2.3:a:ibm:spectrum_scale::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105975
https://exchange.xforce.ibmcloud.com/vulnerabilities/147373
https://www.ibm.com/support/docview.wss?uid=ibm10732713

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2018-10-05T13:00:00Z

Updated: 2024-09-16T21:02:50.529Z

Reserved: 2017-12-13T00:00:00

Link: CVE-2018-1723

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-10-05T13:29:09.273

Modified: 2019-10-09T23:38:57.663

Link: CVE-2018-1723

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Spectrum Scale", "vendor": "IBM", "versions": [{"status": "affected", "version": "5.0.0"}, {"status": "affected", "version": "5.0.1.2"}, {"status": "affected", "version": "4.2.0.0"}, {"status": "affected", "version": "4.2.3.10"}, {"status": "affected", "version": "4.1.1.0"}, {"status": "affected", "version": "4.1.1.20"}]}], "datePublic": "2018-10-04T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/AV:L/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-18T09:06:07", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-spectrum-cve20181723-info-disc(147373)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147373"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10732713"}, {"name": "105975", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105975"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-10-04T00:00:00", "ID": "CVE-2018-1723", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spectrum Scale", "version": {"version_data": [{"version_value": "5.0.0"}, {"version_value": "5.0.1.2"}, {"version_value": "4.2.0.0"}, {"version_value": "4.2.3.10"}, {"version_value": "4.1.1.0"}, {"version_value": "4.1.1.20"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "ibm-spectrum-cve20181723-info-disc(147373)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147373"}, {"name": "https://www.ibm.com/support/docview.wss?uid=ibm10732713", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10732713"}, {"name": "105975", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105975"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:07:44.297Z"}, "title": "CVE Program Container", "references": [{"name": "ibm-spectrum-cve20181723-info-disc(147373)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147373"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10732713"}, {"name": "105975", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105975"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1723", "datePublished": "2018-10-05T13:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T21:02:50.529Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", "matchCriteriaId": "297FCD8F-C2F0-49AA-8EF1-54B905FF10EF", "versionEndIncluding": "4.1.1.20", "versionStartIncluding": "4.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D53E181-1308-459B-B8F3-FF4EAFD7ABF9", "versionEndIncluding": "4.2.3.10", "versionStartIncluding": "4.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD60DDB3-9220-4F7C-A572-85F13BDB061E", "versionEndIncluding": "5.0.1.2", "versionStartIncluding": "5.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373."}, {"lang": "es", "value": "IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 y 5.0.1.2 podr\u00eda permitir que una utilidad de l\u00ednea de comandos GPFS permita que un usuario autenticado sin privilegios con acceso a un nodo GPFS lea archivos arbitrarios disponibles en este nodo. IBM X-Force ID: 147373."}], "id": "CVE-2018-1723", "lastModified": "2019-10-09T23:38:57.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2018-10-05T13:29:09.273", "references": [{"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105975"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147373"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10732713"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}