CVE-2020-4278 - OpenCVE

IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Platform Lsf Spectrum Computing For High Performance Analytics Spectrum Lsf

Configuration 1 [-]

OR	cpe:2.3:a:ibm:platform_lsf:9.1:::::::*
	cpe:2.3:a:ibm:platform_lsf:10.1:::::::*
	cpe:2.3:a:ibm:spectrum_computing_for_high_performance_analytics:10.2:::::::*
	cpe:2.3:a:ibm:spectrum_lsf:10.2:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/176137
https://www.ibm.com/support/pages/node/3357549

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2020-03-05T15:20:13.418950Z

Updated: 2024-09-16T20:16:43.705Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-4278

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-03-05T16:15:12.033

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-4278

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Spectrum LSF", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.1"}, {"status": "affected", "version": "9.1"}]}, {"product": "Spectrum LSF Suites", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.2"}]}, {"product": "Spectrum Computing Suite for High Performance Analytics", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.2"}]}], "datePublic": "2020-02-25T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:H/C:H/AC:H/A:H/PR:N/S:U/AV:L/UI:N/RL:O/E:U/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-05T15:20:13", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/3357549"}, {"name": "ibm-spectrum-cve20204278-priv-escalation (176137)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176137"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-25T00:00:00", "ID": "CVE-2020-4278", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spectrum LSF", "version": {"version_data": [{"version_value": "10.1"}, {"version_value": "9.1"}]}}, {"product_name": "Spectrum LSF Suites", "version": {"version_data": [{"version_value": "10.2"}]}}, {"product_name": "Spectrum Computing Suite for High Performance Analytics", "version": {"version_data": [{"version_value": "10.2"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "H", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Privileges"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/3357549", "refsource": "CONFIRM", "title": "IBM Security Bulletin 3357549 (Spectrum LSF)", "url": "https://www.ibm.com/support/pages/node/3357549"}, {"name": "ibm-spectrum-cve20204278-priv-escalation (176137)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176137"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:00:06.937Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/3357549"}, {"name": "ibm-spectrum-cve20204278-priv-escalation (176137)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176137"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4278", "datePublished": "2020-03-05T15:20:13.418950Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:16:43.705Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:platform_lsf:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "65E29801-D634-41CC-AA36-5FA278E04965", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:platform_lsf:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "81ECC740-1EB5-459C-81C1-1EE912A2F24A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_computing_for_high_performance_analytics:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "767F61B6-5F0A-4076-ADEF-F5EE4AEF0176", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_lsf:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA523B21-A6C0-4590-954B-E5D7A52E0186", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137."}, {"lang": "es", "value": "IBM Platform LSF versiones 9.1 y 10.1, IBM Spectrum LSF Suite versi\u00f3n 10.2 e IBM Spectrum Suite para HPA versi\u00f3n 10.2, podr\u00edan permitir a un usuario local escalar sus privilegios debido a permisos de archivos d\u00e9biles cuando son habilitadas configuraciones de depuraci\u00f3n espec\u00edficas en un entorno Linux o Unix. ID de IBM X-Force: 176137."}], "id": "CVE-2020-4278", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-05T16:15:12.033", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176137"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/3357549"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}