Vulnerability Name: CVE-2018-1723 (CCN-147373)
Assigned: 2017-12-13
Published: 2018-10-04
Updated: 2019-10-09
Summary: IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.

CVSS v3 Severity:
  5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
  4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Local
      Attack Complexity (AC): Low
      Privileges Required (PR): Low
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): High
      Integrity (I): None
      Availability (A): None
  6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
  5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Local
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): High
      Integrity (I): None
      Availability (A): None

CVSS v2 Severity:
  2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:
      Access Vector (AV): Local
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): None
      Availability (A): None
  4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N)
    Exploitability Metrics:
      Access Vector (AV): Local
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Complete
      Integrity (I): None
      Availability (A): None

Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information

References:
  Source: MITRE
  Type: CNA
  CVE-2018-1723

  Source: CCN
  Type: IBM Security Bulletin 734067 (DB2 for Linux, UNIX and Windows)
  IBM Db2 LUW on AIX and Linux Affected by a Vulnerability in IBM Spectrum Scale (CVE-2018-1723).

  Source: CCN
  Type: IBM Security Bulletin 740163 (Elastic Storage Server)
  IBM Spectrum Scale for IBM Elastic Storage Server is affected by a vulnerability which could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node (CVE-2018-1723)

  Source: CCN
  Type: IBM Security Bulletin 2017440 (PureApplication Service)
  IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1723)

  Source: BID
  Type: Third Party Advisory, VDB Entry
  105975

  Source: XF
  Type: UNKNOWN
  ibm-spectrum-cve20181723-info-disc(147373)

  Source: XF
  Type: VDB Entry, Vendor Advisory
  ibm-spectrum-cve20181723-info-disc(147373)

  Source: CCN
  Type: IBM Security Bulletin 732713 (Spectrum Scale)
  A vulnerability has been identified in IBM Spectrum Scale that could allow a unprivileged, auntheticated user to read aribiratry file on node

  Source: CONFIRM
  Type: Patch, Vendor Advisory
  https://www.ibm.com/support/docview.wss?uid=ibm10732713

  Source: CCN
  Type: IBM Security Bulletin 871586 (PureApplication System)
  IBM PureApplication System is affected by a GPFS vulnerability (CVE-2018-1723)

  Source: CCN
  Type: IBM Security Bulletin 878240 (Storwize V7000 Unified (2073))
  Security Bulletin : IBM Storwize V7000 Unified is affected by arbitry file read vulnerability in GPFS

Vulnerable Configuration:
  Configuration 1:
    cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version >= 4.1.0.0 and <= 4.1.1.20)
    OR cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version >= 4.2.0.0 and <= 4.2.3.10)
    OR cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version >= 5.0.0.0 and <= 5.0.1.2)

  Configuration CCN 1:
    cpe:/a:ibm:spectrum_scale:5.0.0:*:*:*:*:*:*:*
    OR cpe:/a:ibm:spectrum_scale:5.0.1.2:*:*:*:*:*:*:*
    OR cpe:/a:ibm:spectrum_scale:4.2.0.0:*:*:*:*:*:*:*
    OR cpe:/a:ibm:spectrum_scale:4.2.3.10:*:*:*:*:*:*:*
    OR cpe:/a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*
    OR cpe:/a:ibm:spectrum_scale:4.1.1.20:*:*:*:*:*:*:*
    AND cpe:/a:ibm:pureapplication_system:2.2.3.0:*:*:*:*:*:*:*
    OR cpe:/a:ibm:pureapplication_system:2.2.3.1:*:*:*:*:*:*:*
    OR cpe:/a:ibm:pureapplication_system:2.2.3.2:*:*:*:*:*:*:*
    OR cpe:/a:ibm:pureapplication_system:2.2.4.0:*:*:*:*:*:*:*
    OR cpe:/a:ibm:pureapplication_system:2.2.5.0:*:*:*:*:*:*:*
    OR cpe:/a:ibm:pureapplication_system:2.2.5.1:*:*:*:*:*:*:*
    OR cpe:/a:ibm:pureapplication_system:2.2.5.2:*:*:*:*:*:*:*
    OR cpe:/a:ibm:elastic_storage_server:2.5.0:*:*:*:*:*:*:*
    OR cpe:/a:ibm:elastic_storage_server:2.5.5:*:*:*:*:*:*:*
    OR cpe:/a:ibm:elastic_storage_server:3.0.0:*:*:*:*:*:*:*
    OR cpe:/a:ibm:elastic_storage_server:3.0.5:*:*:*:*:*:*:*
    OR cpe:/a:ibm:elastic_storage_server:3.5.0:*:*:*:*:*:*:*
    OR cpe:/a:ibm:elastic_storage_server:3.5.6:*:*:*:*:*:*:*
    OR cpe:/a:ibm:elastic_storage_server:4.0.0:*:*:*:*:*:*:*
    OR cpe:/a:ibm:elastic_storage_server:4.0.6:*:*:*:*:*:*:*
    OR cpe:/a:ibm:pureapplication_system:2.2.5.3:*:*:*:*:*:*:*

ibm spectrum scale *
ibm spectrum scale *
ibm spectrum scale *
ibm spectrum scale 5.0.0
ibm spectrum scale 5.0.1.2
ibm spectrum scale 4.2.0.0
ibm spectrum scale 4.2.3.10
ibm spectrum scale 4.1.1.0
ibm spectrum scale 4.1.1.20
ibm pureapplication system 2.2.3.0
ibm pureapplication system 2.2.3.1
ibm pureapplication system 2.2.3.2
ibm pureapplication system 2.2.4.0
ibm pureapplication system 2.2.5.0
ibm pureapplication system 2.2.5.1
ibm pureapplication system 2.2.5.2
ibm elastic storage server 2.5.0
ibm elastic storage server 2.5.5
ibm elastic storage server 3.0.0
ibm elastic storage server 3.0.5
ibm elastic storage server 3.5.0
ibm elastic storage server 3.5.6
ibm elastic storage server 4.0.0
ibm elastic storage server 4.0.6
ibm pureapplication system 2.2.5.3