Command Execution Vulnerability in IBM Spectrum LSF Products
CVE-2020-4983

7.4HIGH

Key Information:

Vendor
IBM
Status
Spectrum Lsf Suite
Spectrum Lsf
Vendor
CVE Published:
20 January 2021

Summary

IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 contain a vulnerability that allows local network users with permissions to submit LSF jobs to execute arbitrary commands. This poses potential risks if exploited, granting unauthorized actions within the system. Proper network and user privilege management are essential to mitigate such risks. For details, refer to IBM's security advisory.

Affected Version(s)

Spectrum LSF 10.1

Spectrum LSF Suite 10.2

References

https://www.ibm.com/support/pages/node/6395478
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/192586
vdb-entryx_refsource_XF
https://www.hpcsec.com/2021/01/14/cve-2020-4983/
x_refsource_MISC

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.