IBM Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by a vulnerability which could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node (CVE-2018-1723)

Nov 27, 2018 8:01 am EST

Categorized: Medium Severity


The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale that could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node (CVE-2018-1723).

CVE(s): CVE-2018-1723

Affected product(s) and affected version(s):

The Elastic Storage Server 5.3 through 5.3.1.1
The Elastic Storage Server 5.0.0 through 5.2.3
The Elastic Storage Server 4.5.0 through 4.6.0
The Elastic Storage Server 4.0.0 through 4.0.6
The Elastic Storage Server 3.5.0 through 3.5.6
The Elastic Storage Server 3.0.0 through 3.0.5
The Elastic Storage Server 2.5.0 through 2.5.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10740163
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147373



from IBM Product Security Incident Response Team https://ift.tt/2KC3Lsy