PT-2023-14380 · IBM · IBM Spectrum Scale +1

Bayram Semih Çomak · Published 2023-02-08 · Updated 2023-02-21 · CVE-2022-43869

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

IBM Spectrum Scale versions 5.1.0.0 through 5.1.5.1
IBM Elastic Storage System versions 6.1.0.0 through 6.1.4.1

Description

The issue allows an authenticated user to cause a denial of service through the GUI using a format string attack.

Recommendations

For IBM Spectrum Scale versions 5.1.0.0 through 5.1.5.1, consider disabling access to the GUI as a temporary workaround until a patch is available. For IBM Elastic Storage System versions 6.1.0.0 through 6.1.4.1, restrict access to the GUI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Use of Externally-Controlled Format String

Weakness Enumeration

Related Identifiers

CVE-2022-43869

Affected Products

IBM Elastic Storage System
IBM Spectrum Scale