Vulnerability Name:

CVE-2015-4974 (CCN-105789)

Assigned:2015-09-17
Published:2015-09-17
Updated:2016-12-06
Summary:IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.
CVSS v3 Severity:8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-77
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2015-4974

Source: CCN
Type: IBM Security Bulletin T1022637
IBM Spectrum Scale and IBM GPFS are affected by security vulnerabilities (CVE-2015-4974, CVE-2015-4981)

Source: CCN
Type: IBM Security Bulletin S1005366
IBM Spectrum Scale and IBM GPFS are affected by security vulnerabilities (CVE-2015-4974, CVE-2015-4981)

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21972152

Source: CCN
Type: IBM Security Bulletin T1022797
Vulnerabilities in IBM GPFS affect IBM GPFS Native RAID for the Elastic Storage Server and the GPFS Storage Server (CVE-2015-4974, CVE-2015-4981, CVE-2015-1788)

Source: CCN
Type: IBM Security Bulletin S1005425
GPFS security vulnerabilities in IBM SONAS (CVE-2015-4974 and CVE-2015-4981)

Source: CCN
Type: IBM Security Bulletin S1005573
IBM Virtualization Engine TS7700 Is Affected by IBM GPFS Security Vulnerabilities (CVE-2015-4974 CVE-2015-4981)

Source: CCN
Type: IBM Security Bulletin 1969198
IBM Smart Analytics System 5600 is affected by vulnerabilities in IBM GPFS (CVE-2015-4974, CVE-2015-4981)

Source: CCN
Type: IBM Security Bulletin 1972152
Vulnerabilities in GPFS affect IBM DB2 LUW on AIX and Linux (CVE-2015-4974, CVE-2015-4981 & CVE-2015-7403)

Source: CCN
Type: IBM Security Bulletin 1974124
he GPFS pattern provided with IBM PureApplication System is affected by security vulnerabilities. (CVE-2015-4974 and CVE-2015-4981)

Source: BID
Type: UNKNOWN
77025

Source: CCN
Type: BID-77025
IBM General Parallel File System CVE-2015-4974 Local Unspecified Command Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1035094

Source: XF
Type: UNKNOWN
ibm-gpfs-cve20154974-priv-escalation(105789)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:general_parallel_file_system:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5.0.26:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:4.1.1.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm general parallel file system 3.5
    ibm general parallel file system 3.5.0.0
    ibm general parallel file system 3.5.0.2
    ibm general parallel file system 3.5.0.3
    ibm general parallel file system 3.5.0.4
    ibm general parallel file system 3.5.0.6
    ibm general parallel file system 3.5.0.7
    ibm general parallel file system 3.5.0.8
    ibm general parallel file system 3.5.0.9
    ibm general parallel file system 3.5.0.10
    ibm general parallel file system 3.5.0.11
    ibm general parallel file system 3.5.0.12
    ibm general parallel file system 3.5.0.13
    ibm general parallel file system 3.5.0.14
    ibm general parallel file system 3.5.0.15
    ibm general parallel file system 3.5.0.16
    ibm general parallel file system 3.5.0.17
    ibm general parallel file system 3.5.0.18
    ibm general parallel file system 3.5.0.19
    ibm general parallel file system 3.5.0.20
    ibm general parallel file system 3.5.0.21
    ibm general parallel file system 3.5.0.22
    ibm general parallel file system 3.5.0.23
    ibm general parallel file system 3.5.0.24
    ibm general parallel file system 3.5.0.25
    ibm general parallel file system 3.5.0.26
    ibm spectrum scale 4.1.1.0
    ibm spectrum scale 4.1.1.1