CVE-2020-4217 — Improper Check for Unusual or Exceptional Conditions in IBM Spectrum Scale

CWE-754 — Improper Check for Unusual or Exceptional Conditions3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 35.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Spectrum Scale

Timeline

PublishedMar 9

Latest updateMay 24

Description

The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/spectrum_scale4.2.0.0 — 4.2.3.19+1

▶CVEListV5ibm/spectrum_scale4.2, 5.0+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-rh46-rhp9-6x53: The IBM Spectrum Scale 4↗2022-05-24

▶

CVEList

CVE-2020-4217: The IBM Spectrum Scale 4↗2020-03-09

▶