CVE-2016-0392
moderate-risk
Published 2016-06-19
IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program.
Do I need to act?
-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.4/10
High
LOCAL
/ LOW complexity
Affected Products (20)
Elastic Storage Server
Elastic Storage Server
Elastic Storage Server
Elastic Storage Server
Elastic Storage Server
Elastic Storage Server
Elastic Storage Server
Elastic Storage Server
Elastic Storage Server
Elastic Storage Server
General Parallel File System Storage Server
General Parallel File System Storage Server
General Parallel File System Storage Server
Elastic Storage Server
Elastic Storage Server
Elastic Storage Server
Elastic Storage Server
Elastic Storage Server
Elastic Storage Server
Elastic Storage Server
Affected Vendors
References (12)
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005875
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005875
48
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
0/34 · Minimal
Exposure
22/34 · High