File Manipulation Vulnerability in IBM Spectrum Scale by IBM
CVE-2021-38882

4.4MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Scale
Vendor: CVE Published:; 16 November 2021

Summary

A vulnerability exists in IBM Spectrum Scale versions 5.1.0 through 5.1.1.1 that allows a privileged administrator to prematurely delete filesystem audit logging records. This could enable unauthorized activities to go undetected, thereby posing a significant security risk. The affected systems may not retain critical logs needed for auditing and monitoring, impeding incident response and compliance efforts. Admins should take immediate steps to address this vulnerability and ensure the integrity of their audit logs.

Affected Version(s)

Spectrum Scale 5.1.0

Spectrum Scale 5.1.1.1

References

https://www.ibm.com/support/pages/node/6516426

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/209164

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 16, 2021
Vulnerability Reserved
Aug 16, 2021