Local User Job Manipulation in IBM Spectrum LSF
CVE-2018-1724

5.9MEDIUM

Key Information:

Vendor
IBM
Status
Spectrum Lsf
Vendor
CVE Published:
11 October 2018

Summary

A vulnerability in IBM Spectrum LSF allows local users to alter their job user during submission due to inadequate file permission configurations. This can lead to unintended privilege escalation, enabling users to execute jobs under different user accounts. Organizations should assess their deployments of IBM Spectrum LSF versions 9.1.1, 9.1.2, 9.1.3, and 10.1 to ensure proper security measures are in place.

Affected Version(s)

Spectrum LSF 10.1

Spectrum LSF 9.1.1

Spectrum LSF 9.1.2

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/147439
vdb-entryx_refsource_XF
https://www-01.ibm.com/support/docview.wss?uid=ibm10734767
x_refsource_CONFIRM
http://www.securityfocus.com/bid/106642
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.