CVE-2022-41739 — IBM Spectrum Scale Container Native Storage Access vulnerability

3 documents3 sources

Severity

8.4HIGHNVD

CNA7.9

EPSS

0.0%

top 91.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Spectrum Scale Container Native Storage Access

Timeline

PublishedApr 26

Description

IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:NExploitability: 2.0 | Impact: 5.8

Affected Packages2 packages

▶CVEListV5ibm/spectrum_scale_container_native_storage_access5.1.2.1 — 5.1.6.0

▶NVDibm/spectrum_scale_container_native_storage_access5.1.2.1 — 5.1.6.0

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM Spectrum Scale privilege escalation↗2023-04-26

▶

GHSA

GHSA-5v6x-pq3h-wvrm: IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5↗2023-04-26

▶