There is a vulnerability in the GPFS component that is used by IBM PureApplication Service. IBM has released Version 2.2.5.3 for IBM PureApplication Service, in response to CVE-2018-1723. IBM PureApplication Service provides a GPFS pattern and addressed the applicable CVE.
CVEID: CVE-2018-1723 DESCRIPTION: IBM Spectrum Scale could allow a GPFS command line utility allows an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147373> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM PureApplication Service V2.2.3.0
IBM PureApplication Service V2.2.3.1
IBM PureApplication Service V2.2.3.2
IBM PureApplication Service V2.2.4.0
IBM PureApplication Service V2.2.5.0
IBM PureApplication Service V2.2.5.2
For Intel:
Upgrade IBM PureApplication Service to the following fix pack release:
- V2.2.5.3
Contact IBM for assistance.
Information on upgrading can be found here: <http://www-01.ibm.com/support/docview.wss?uid=swg27039159>
None