CVE-2016-2985

CWE-2644 documents4 sources

Severity

7.0HIGH

EPSS

0.0%

top 88.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM General Parallel File System IBM Spectrum Scale

Timeline

PublishedNov 25

Latest updateMay 17

Description

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/general_parallel_file_system41 versions+40

▶NVDibm/spectrum_scale13 versions+12

🔴Vulnerability Details

GHSA

GHSA-mrxf-9q89-5jvp: IBM Spectrum Scale 4↗2022-05-17

▶

CVEList

CVE-2016-2985: IBM Spectrum Scale 4↗2016-11-25

▶

OSV

eglibc, glibc regression↗2016-05-26

▶