The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale that could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements.
CVE(s): CVE-2017-1654
Affected product(s) and affected version(s):
The Elastic Storage Server 5.0.0 thru 5.2.1
The Elastic Storage Server 4.5.0 thru 4.6.0
The Elastic Storage Server 4.0.0 thru 4.0.6
The Elastic Storage Server 3.5.0 thru 3.5.6
The Elastic Storage Server 3.0.0 thru 3.0.5
The Elastic Storage Server 2.5.0 thru 2.5.5
The GPFS Storage Server 2.0.0 thru 2.0.7
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012162
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133378
The post IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1654) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2GkOglL
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.