Vulnerability Name:

CVE-2018-1783 (CCN-148806)

Assigned:2017-12-13
Published:2018-10-04
Updated:2020-08-24
Summary:IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): High
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2018-1783

Source: CCN
Type: IBM Security Bulletin 795189 (PureApplication System)
IBM PureApplication System is affected by a GPFS vulnerability (CVE-2018-1783)

Source: XF
Type: UNKNOWN
ibm-spectrum-cve20181783-dos(148806)

Source: XF
Type: VDB Entry, Vendor Advisory
ibm-spectrum-cve20181783-dos(148806)

Source: CCN
Type: IBM Security Bulletin 732717 (Spectrum Scale)
A vulnerability has been identified in IBM Spectrum Scale that could allow an unprivileged, authenticated user to forcefully terminate and deny access to data available through GPFS

Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10732717

Source: CCN
Type: IBM Security Bulletin 740139 (Elastic Storage Server)
The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale (CVE-2018-1783)

Source: CCN
Type: IBM Security Bulletin 795195 (PureApplication Service)
IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1783)

Source: CCN
Type: IBM Security Bulletin 878242 (Storwize V7000 Unified (2073))
Security Bulletin : IBM Storwize V7000 Unified is affected by denial of service vulnerability in GPFS (CVE-2018-1783)

Source: CCN
Type: IBM Security Bulletin 1170400 (DB2 for Linux, UNIX and Windows)
IBM Db2 LUW on AIX and Linux Affected by a Vulnerability in IBM Spectrum Scale (CVE-2018-1783).

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version >= 4.1.0.0 and <= 4.1.1.20)
  • OR cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version >= 4.2.0.0 and <= 4.2.3.10)
  • OR cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version >= 5.0.0.0 and <= 5.0.1.2)

  • Configuration CCN 1:
  • cpe:/a:ibm:spectrum_scale:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:5.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:4.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:4.2.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:4.1.1.20:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:storwize_v7000_unified_software:1.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:3.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:3.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:4.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:4.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:4.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:5.3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_service:2.2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_service:2.2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_service:2.2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_service:2.2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_service:2.2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_service:2.2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_service:2.2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*
