A security vulnerability has been identified in all levels of IBM Elastic Storage Server GUI that could allow an unauthorised user to execute commands . A fix for this vulnerability is available.
CVEID:CVE-2020-4348
**DESCRIPTION:**IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178414 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
The Elastic Storage Server 5.3.0 thru 5.3.5.2
The Elastic Storage Server 5.0.0 thru 5.2.9
The Elastic Storage Server 4.5.0 thru 4.6.0
The Elastic Storage Server 4.0.0 thru 4.0.6
For IBM Elastic Storage Server V5.0.0 thru 5.3.5.2, apply V5.3.6 available from FixCentral at:
For IBM Elastic Storage Server V5.0.0 thru 5.2.9, apply V5.2.10 available from FixCentral at:
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm elastic storage server | eq | 5.3 |