Code Injection Vulnerability in IBM Spectrum Scale Data Access Services
CVE-2022-22411

6.3MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Scale Das
Vendor: CVE Published:; 10 August 2022

Summary

IBM Spectrum Scale Data Access Services version 5.1.3.1 is vulnerable to a code injection issue, enabling authenticated users to exploit excessive permissions. This vulnerability allows attackers to insert malicious code, potentially leading to manipulation of cluster resources. As such, organizations should limit user privileges and promptly apply available security patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

Spectrum Scale DAS 5.1.3.1

References

https://www.ibm.com/support/pages/node/6610277

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/223016

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 10, 2022
Vulnerability Reserved
Jan 3, 2022