CVE-2018-1431

low-risk

Published 2018-06-13

A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.4/10 High

LOCAL / HIGH complexity

Affected Products (2)

General Parallel File System

Spectrum Scale

Affected Vendors

Ibm

References (6)

Vendor Advisory http://www.ibm.com/support/docview.wss?uid=ssg1S1012049

Third Party Advisory http://www.securityfocus.com/bid/105546

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/139240

Vendor Advisory http://www.ibm.com/support/docview.wss?uid=ssg1S1012049

Third Party Advisory http://www.securityfocus.com/bid/105546

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/139240

/ 100

low-risk

Severity 19/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low