fkie_cve-2017-1654
Vulnerability from fkie_nvd
Published
2018-03-02 17:29
Modified
2024-11-21 03:22
Severity ?
4.0 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ssg1S1010869 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040747 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/133378 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ssg1S1010869 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040747 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/133378 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | spectrum_scale | * | |
| ibm | spectrum_scale | * | |
| ibm | spectrum_scale | * | |
| ibm | spectrum_scale | * | |
| ibm | spectrum_scale | * | |
| ibm | spectrum_scale | 5.0.0.0 | |
| ibm | general_parallel_file_system | 4.1.0.0 | |
| ibm | general_parallel_file_system | 4.1.0.1 | |
| ibm | general_parallel_file_system | 4.1.0.2 | |
| ibm | general_parallel_file_system | 4.1.0.3 | |
| ibm | general_parallel_file_system | 4.1.0.4 | |
| ibm | general_parallel_file_system | 4.1.0.5 | |
| ibm | general_parallel_file_system | 4.1.0.6 | |
| ibm | general_parallel_file_system | 4.1.0.7 | |
| ibm | general_parallel_file_system | 4.1.0.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC783AA-F7AA-40A1-8277-214F0D8B118A",
"versionEndIncluding": "4.1.1.18",
"versionStartIncluding": "4.1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D23238D-249E-4DE9-9AD1-561EFB0B8518",
"versionEndIncluding": "4.2.0.4",
"versionStartIncluding": "4.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "208F0B90-ABE8-40DA-8344-39C7815B3116",
"versionEndIncluding": "4.2.1.2",
"versionStartIncluding": "4.2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D93CD87-07E5-4020-9383-CFE6219BD243",
"versionEndIncluding": "4.2.2.3",
"versionStartIncluding": "4.2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6305DEAF-8694-4BCD-8974-A5270268DC79",
"versionEndIncluding": "4.2.3.6",
"versionStartIncluding": "4.2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:spectrum_scale:5.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86C6E40C-8563-438B-AA6A-1C716B6FF1D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E78F4327-0160-467E-8C2C-BDEBB4149227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDD19B4F-5738-4CB1-99FC-F40FDA8388AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B497D629-62AB-4F21-BDF4-02336A19E04C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10E68BB2-4132-46F1-B8E9-9FA03FEB92BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E1CBA1A7-02AF-4D59-A6FF-9C52903986EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAC1912-1412-45B6-920C-A52510095977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "59A4A5C6-8DF0-4431-BE2C-5C6815371C98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F90908FF-0E10-4AFD-A38C-4D5E50C05FF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "591E5985-29A1-4C06-8832-DA1587CFE101",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378."
},
{
"lang": "es",
"value": "IBM Spectrum Scale 4.1.1 y 4.2.0 - 4.2.3 podr\u00eda permitir que un usuario local sin privilegios acceda a informaci\u00f3n situada en archivos de volcado. Los datos de usuario podr\u00edan enviarse a IBM durante las interacciones del servicio. IBM X-Force ID: 133378."
}
],
"id": "CVE-2017-1654",
"lastModified": "2024-11-21T03:22:10.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-02T17:29:00.217",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010869"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040747"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133378"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.