CVE-2019-4715OS Command Injection in IBM Spectrum Scale

CWE-78OS Command InjectionCWE-20Improper Input Validation3 documents3 sources
Severity
8.8HIGHNVD
EPSS
4.8%
top 10.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Spectrum Scale
Timeline
PublishedDec 11
Latest updateMay 24

Description

IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDibm/spectrum_scale4.2.0.04.2.3.18+1
CVEListV5ibm/spectrum_scale4.2, 5.0+1

🔴Vulnerability Details

2
GHSA
GHSA-4whf-mx4r-v53w: IBM Spectrum Scale 42022-05-24
CVEList
CVE-2019-4715: IBM Spectrum Scale 42019-12-11
CVE-2019-4715 — OS Command Injection in IBM | cvebase