PT-2018-6286 · Ibm · Ibm Spectrum Scale

Published

2018-03-02

Updated

2019-10-09

CVE-2017-1654

CVSS v3.1

4.0

Medium

Vector

A:N/AC:L/AV:L/C:L/I:N/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Scale versions 4.1.1 and 4.2.0 through 4.2.3

Description: A local unprivileged user could access information located in dump files. User data could be sent to IBM during service engagements.

Recommendations: For versions 4.1.1, consider restricting access to dump files until a fix is available. For versions 4.2.0 through 4.2.3, restrict access to dump files to prevent unauthorized data access.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-1654

Affected Products

Ibm Spectrum Scale

PT-2018-6286 · Ibm · Ibm Spectrum Scale

CVE-2017-1654

Weakness Enumeration

Related Identifiers

Affected Products

References · 5