CVE-2020-4850Improper Encoding or Escaping of Output in IBM Spectrum Scale

CWE-116Improper Encoding or Escaping of Output3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 62.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Spectrum ScaleIBM Gpfs.tct.server
Timeline
PublishedMay 20
Latest updateMay 24

Description

IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker to obtain sensitive information, caused by the leftover files after configuration. IBM X-Force ID: 190298.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/spectrum_scale1.1.1.0, 1.1.8.4+1
NVDibm/gpfs.tct.server8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-4chw-r2mf-4932: IBM Spectrum Scale 12022-05-24
CVEList
CVE-2020-4850: IBM Spectrum Scale 12021-05-20
CVE-2020-4850 — Improper Encoding or Escaping of Output | cvebase