Vulnerability Name: CVE-2016-0361 (CCN-111931)
Assigned: 2015-12-08
Published: 2016-04-19
Updated: 2017-09-01
Summary: IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by discovering ADMIN passwords.

CVSS v3 Severity:
6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): None
    Availability (A): None
7.7 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): None
  Scope:
    Scope (S): Changed
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): None
    Availability (A): None

CVSS v2 Severity:
4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): None
    Availability (A): None

Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Obtain Information

References:
Source: MITRE
Type: CNA
CVE-2016-0361

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21986595

Source: CCN
Type: IBM Security Bulletin T1023767 (GPFS Native RAID for GPFS Storage Server/Elastic Storage Server)
The Elastic Storage Server and the GPFS Storage Server are affected by vulnerabilities in IBM Spectrum Scale (CVE-2016-0263, CVE2016-0361)

Source: CCN
Type: IBM Security Bulletin S1005742 (Spectrum Scale)
IBM Spectrum Scale, with the Spectrum Scale GUI installed, is affected by a security vulnerability (CVE-2016-0361)

Source: CCN
Type: IBM Security Bulletin S1005782 (Elastic Storage Server)
The Elastic Storage Server and the GPFS Storage Server are affected by vulnerabilities in IBM Spectrum Scale (CVE-2016-0263, CVE2016-0361)

Source: CCN
Type: IBM Security Bulletin 1986595 (DB2 for Linux, UNIX and Windows)
IBM DB2 LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS.

Source: BID
Type: UNKNOWN
90550

Source: CCN
Type: BID-90550
IBM Spectrum Scale CVE-2016-0361 Information Disclosure Vulnerability

Source: SECTRACK
Type: UNKNOWN
1036455

Source: XF
Type: UNKNOWN
ibm-gpfs-cve20160361-info-disc(111931)

Vulnerable Configuration:
Configuration 1:
cpe:/a:ibm:general_parallel_file_system:3.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:general_parallel_file_system:3.5.0.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:general_parallel_file_system:3.5.0.7:*:*:*:*:*:*:*
OR cpe:/a:ibm:general_parallel_file_system:3.5.0.9:*:*:*:*:*:*:*
OR cpe:/a:ibm:general_parallel_file_system:3.5.0.11:*:*:*:*:*:*:*
OR cpe:/a:ibm:general_parallel_file_system:3.5.0.16:*:*:*:*:*:*:*
OR cpe:/a:ibm:general_parallel_file_system:4.1.0.1:*:*:*:*:*:*:*

Configuration CCN 1:
cpe:/a:ibm:spectrum_scale:4.2.0.0:*:*:*:*:*:*:*
AND
cpe:/a:ibm:elastic_storage_server:2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:elastic_storage_server:2.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:elastic_storage_server:3.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:elastic_storage_server:3.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:elastic_storage_server:4.0:*:*:*:*:*:*:*

ibm general parallel file system 3.5
ibm general parallel file system 3.5.0.3
ibm general parallel file system 3.5.0.7
ibm general parallel file system 3.5.0.9
ibm general parallel file system 3.5.0.11
ibm general parallel file system 3.5.0.16
ibm general parallel file system 4.1.0.1
ibm spectrum scale 4.2.0.0
ibm elastic storage server 2.0
ibm elastic storage server 2.5
ibm elastic storage server 3.0
ibm elastic storage server 3.5
ibm elastic storage server 4.0