| Vulnerability Name: | CVE-2021-29671 |
| Assigned: | 2021-04-09 |
| Published: | 2021-04-09 |
| Updated: | 2022-07-12 |
| Summary: | IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.
|
| CVSS v3 Severity: | 3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): Low
Availibility (A): None |
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): Low
Availibility (A): None |
|
| CVSS v2 Severity: | 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None |
1.9 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None |
|
| Vulnerability Type: | CWE-noinfo
|
| References: | Source: MITRE
Type: CNA
CVE-2021-29671
Source: XF
Type: VDB Entry, Vendor Advisory
ibm-spectrum-cve202129671-sec-bypass (199478)
Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.ibm.com/support/pages/node/6441429
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:ibm:spectrum_scale:*:*:*:*:*:*:*:* (Version >= 5.1.0.1 and < 5.1.0.2)
 Denotes that component is vulnerable |
| BACK |