Vulnerability Name:

CVE-2015-0198 (CCN-101225)

Assigned: 2014-11-18
Published: 2015-03-13
Updated: 2016-12-31
Summary: IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-287
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2015-0198

Source: CCN
Type: IBM Security Bulletin T1022062
IBM General Parallel File System is affected by security vulnerabilities (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1022062

Source: CONFIRM
Type: UNKNOWN
http://www-304.ibm.com/support/docview.wss?uid=swg21902662

Source: CCN
Type: IBM Security Bulletin S1005276
IBM Virtualization Engine TS7700 is affected by vulnerabilities in IBM General Parallel File System (CVE-2015-0197, CVE-2015-0198)

Source: CCN
Type: IBM Security Bulletin 1902662
Multiple vulnerabilities in GPFS affects IBM DB2 LUW on AIX and Linux (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Source: CCN
Type: IBM Security Bulletin 1903776
Vulnerabilities in GPFS affect InfoSphere BigInsights (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Source: CCN
Type: IBM Security Bulletin 1960401
IBM PureApplication System is affected by security vulnerabilities (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Source: CCN
Type: IBM Security Bulletin 1962616
Multiple security vulnerabilities have been identified in IBM General Parallel File System shipped with IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 1962690
A security vulnerability has been identified in IBM General Parallel File System shipped with IBM Smart Analytics System 5600

Source: BID
Type: UNKNOWN
73278

Source: CCN
Type: BID-73278
IBM General Parallel File System CVE-2015-0198 Unspecified Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1032880

Source: XF
Type: UNKNOWN
ibm-gpfs-cve20150198-command-exec(101225)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:ibm:general_parallel_file_system:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:4.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ibm general parallel file system 3.4
    ibm general parallel file system 3.5
    ibm general parallel file system 4.1