CVE-2020-4412 - OpenCVE

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix Spectrum Scale
Linux	Linux Kernel

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:spectrum_scale::::::::
	cpe:2.3:a:ibm:spectrum_scale::::::::

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/179987
https://www.ibm.com/support/pages/node/6209004

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2020-05-19T13:15:20.199553Z

Updated: 2024-09-16T20:17:45.429Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-4412

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-05-19T14:15:11.720

Modified: 2020-05-19T19:26:05.100

Link: CVE-2020-4412

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Spectrum Scale", "vendor": "IBM", "versions": [{"status": "affected", "version": "4.2.0.0"}, {"status": "affected", "version": "5.0.0.0"}, {"status": "affected", "version": "5.0.4.3"}, {"status": "affected", "version": "4.2.3.21"}]}], "datePublic": "2020-05-18T00:00:00", "descriptions": [{"lang": "en", "value": "The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:L/S:U/AV:N/PR:N/UI:N/C:N/I:N/AC:L/RL:O/E:U/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-19T13:15:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6209004"}, {"name": "ibm-spectrum-cve20204412-dos (179987)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179987"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-05-18T00:00:00", "ID": "CVE-2020-4412", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spectrum Scale", "version": {"version_data": [{"version_value": "4.2.0.0"}, {"version_value": "5.0.0.0"}, {"version_value": "5.0.4.3"}, {"version_value": "4.2.3.21"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987."}]}, "impact": {"cvssv3": {"BM": {"A": "L", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6209004", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6209004 (Spectrum Scale)", "url": "https://www.ibm.com/support/pages/node/6209004"}, {"name": "ibm-spectrum-cve20204412-dos (179987)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179987"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:07:47.610Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6209004"}, {"name": "ibm-spectrum-cve20204412-dos (179987)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179987"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4412", "datePublished": "2020-05-19T13:15:20.199553Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:17:45.429Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E1B6552-CECC-4F3A-A785-B32048798C99", "versionEndIncluding": "4.2.3.21", "versionStartIncluding": "4.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2908F78-BC39-4C1B-A83F-AFCA284F7498", "versionEndIncluding": "5.0.4.3", "versionStartIncluding": "5.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987."}, {"lang": "es", "value": "El componente filesystem de Spectrum Scale versiones 4.2.0.0 hasta 4.2.3.21 y versiones 5.0.0.0 hasta 5.0.4.3, est\u00e1 afectado por una vulnerabilidad de seguridad de denegaci\u00f3n de servicio. Un atacante puede obligar a los demonios mmfsd y mmsdrserv en Spectrum Scale a salir inesperadamente, impactando la funcionalidad del cl\u00faster de Spectrum Scale y la disponibilidad de los sistemas de archivos administrados por Spectrum Scale. IBM X-Force ID: 179987."}], "id": "CVE-2020-4412", "lastModified": "2020-05-19T19:26:05.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-19T14:15:11.720", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179987"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6209004"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}