CVE-2017-1654Sensitive Information Exposure in IBM Spectrum Scale

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
3.3LOWNVD
CNA4.0
EPSS
0.1%
top 82.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Spectrum ScaleIBM General Parallel File System
Timeline
PublishedMar 2
Latest updateMay 13

Description

IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

NVDibm/spectrum_scale4.1.1.04.1.1.18+5
CVEListV5ibm/spectrum_scale5 versions+4

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-4pmr-98gg-9wvp: IBM Spectrum Scale 42022-05-13
CVEList
CVE-2017-1654: IBM Spectrum Scale 42018-03-02
CVE-2017-1654 — Sensitive Information Exposure in IBM | cvebase