Vulnerability Name:

CVE-2015-0197 (CCN-101224)

Assigned:2014-11-18
Published:2015-03-13
Updated:2016-12-31
Summary:IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2015-0197

Source: CCN
Type: IBM Security Bulletin T1022062
IBM General Parallel File System is affected by security vulnerabilities (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1022062

Source: CONFIRM
Type: UNKNOWN
http://www-304.ibm.com/support/docview.wss?uid=swg21902662

Source: CCN
Type: IBM Security Bulletin S1005239
GPFS security vulnerabilities in IBM Storwize V7000 Unified (CVE-2015-0197 and CVE-2015-0199)

Source: CCN
Type: IBM Security Bulletin S1005240
GPFS security vulnerabilities in IBM SONAS (CVE-2015-0197 and CVE-2015-0199)

Source: CCN
Type: IBM Security Bulletin S1005276
IBM Virtualization Engine TS7700 is affected by vulnerabilities in IBM General Parallel File System (CVE-2015-0197, CVE-2015-0198)

Source: CCN
Type: IBM Security Bulletin 1902662
Multiple vulnerabilities in GPFS affects IBM DB2 LUW on AIX and Linux (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Source: CCN
Type: IBM Security Bulletin 1903776
Vulnerabilities in GPFS affect InfoSphere BigInsights (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Source: CCN
Type: IBM Security Bulletin 1960401
IBM PureApplication System is affected by security vulnerabilities (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Source: CCN
Type: IBM Security Bulletin 1962616
Multiple security vulnerabilities have been identified in IBM General Parallel File System shipped with IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 1962690
A security vulnerability has been identified in IBM General Parallel File System shipped with IBM Smart Analytics System 5600

Source: BID
Type: UNKNOWN
73282

Source: CCN
Type: BID-73282
IBM General Parallel File System CVE-2015-0197 Unspecified Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1032880

Source: XF
Type: UNKNOWN
ibm-gpfs-cve20150197-priv-escalation(101224)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:general_parallel_file_system:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:4.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ibm general parallel file system 3.4
    ibm general parallel file system 3.5
    ibm general parallel file system 4.1