CVE-2016-0392 — Improper Access Control in IBM Elastic Storage Server

CWE-284 — Improper Access Control3 documents3 sources

Severity

8.4HIGHNVD

EPSS

0.1%

top 81.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Elastic Storage Server IBM General Parallel File System Storage Server

Timeline

PublishedJun 19

Latest updateMay 14

Description

IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/general_parallel_file_system_storage_server8 versions+7

▶NVDibm/elastic_storage_server20 versions+19

🔴Vulnerability Details

GHSA

GHSA-9mj9-6mfj-6q3h: IBM General Parallel File System (GPFS) in GPFS Storage Server 2↗2022-05-14

▶

CVEList

CVE-2016-0392: IBM General Parallel File System (GPFS) in GPFS Storage Server 2↗2016-06-19

▶