CVE-2015-0198

CWE-287 — Improper Authentication3 documents3 sources

Severity

10.0CRITICAL

EPSS

1.3%

top 20.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM General Parallel File System

Timeline

PublishedMar 24

Latest updateMay 17

Description

IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/general_parallel_file_system3.4, 3.5, 4.1+2

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-4pw2-x5qf-3fx4: IBM General Parallel File System (GPFS) 3↗2022-05-17

▶

CVEList

CVE-2015-0198: IBM General Parallel File System (GPFS) 3↗2015-03-24

▶