IBM Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by a vulnerability which could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node (CVE-2018-1723)
Nov 27, 2018 8:01 am EST
Categorized: Medium Severity
Share this post:
The Elastic Storage Server are affected by a vulnerability in IBM Spectrum Scale could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node (CVE-2018-1723).
CVE(s): CVE-2018-1723
Affected product(s) and affected version(s):
The Elastic Storage Server 5.3 thru 5.3.1.1
The Elastic Storage Server 5.0.0 thru 5.2.3
The Elastic Storage Server 4.5.0 thru 4.6.0
The Elastic Storage Server 4.0.0 thru 4.0.6
The Elastic Storage Server 3.5.0 thru 3.5.6
The Elastic Storage Server 3.0.0 thru 3.0.5
The Elastic Storage Server 2.5.0 thru 2.5.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10740163
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147373
from IBM Product Security Incident Response Team https://ift.tt/2KC3Lsy