Vulnerability CVE-2020-4926

Vulnerability Name:

CVE-2020-4926 (CCN-191600)

Assigned:

2019-12-30

Published:

2022-05-23

Updated:

2022-06-07

Summary:

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.

CVSS v3 Severity:

9.1 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

5.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
5.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

4.7 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-862

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-4926

Source: XF
Type: UNKNOWN
ibm-spectrum-cve20204926-info-disc(191600)

Source: XF
Type: VDB Entry, Vendor Advisory
ibm-spectrum-cve20204926-info-disc (191600)

Source: CCN
Type: IBM Security Bulletin 6565399 (Spectrum Scale)
A vulnerability has been identified in IBM Spectrum Scale where an unauthorized user can send arbitrary data to the CLI commands and daemon (CVE-2020-4926)

Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.ibm.com/support/pages/node/6565399

Source: CCN
Type: IBM Security Bulletin 6589109 (Elastic Storage System)
A vulnerability has been identified in IBM Spectrum Scale which is packaged in IBM ESS (CVE-2020-4926)

Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.ibm.com/support/pages/node/6589109

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:elastic_storage_system:*:*:*:*:*:*:*:* (Version < 6.1.3.0)

OR cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version < 5.1.3.0)

AND

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK