CVE-2020-4926 — Missing Authorization in IBM Elastic Storage System

CWE-862 — Missing Authorization3 documents3 sources

Severity

9.1CRITICALNVD

EPSS

0.2%

top 63.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Elastic Storage System IBM Spectrum Scale

Timeline

PublishedMay 24

Latest updateMay 25

Description

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages4 packages

▶NVDibm/elastic_storage_system< 6.1.3.0

▶CVEListV5ibm/elastic_storage_system6.1

▶NVDibm/spectrum_scale< 5.1.3.0

▶CVEListV5ibm/spectrum_scale5.1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-c88p-x2w3-699v: A vulnerability in the Spectrum Scale 5↗2022-05-25

▶

CVEList

CVE-2020-4926: A vulnerability in the Spectrum Scale 5↗2022-05-24

▶