Information Disclosure in IBM Spectrum Scale Due to Local Read Only Cache Issue
CVE-2018-1993

4MEDIUM

Key Information:

Vendor

IBM
Status
Spectrum Scale
Vendor
CVE Published:
8 January 2019

What is CVE-2018-1993?

IBM Spectrum Scale encounters an information disclosure vulnerability due to the Local Read Only Cache (LROC) feature, where a read operation on a file could inadvertently return data from another file. This potential misrepresentation of file data poses a risk of unauthorized access to sensitive information. Users employing the affected versions should be vigilant about potential security implications and consider implementing available patches or mitigations.

Affected Version(s)

Spectrum Scale 4.1.1

Spectrum Scale 4.2.0

Spectrum Scale 4.2.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/154440
vdb-entryx_refsource_XF
https://www.ibm.com/support/docview.wss?uid=ibm10793719
x_refsource_CONFIRM
http://www.securityfocus.com/bid/106485
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.