Local Privilege Escalation Vulnerability in IBM Storage Scale GUI
CVE-2024-31891
7.8 HIGH
Summary
CVE-2024-31891 is a high-severity local privilege escalation vulnerability in IBM Storage Scale GUI versions 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1. A malicious actor with command line access to the 'scalemgmt' user can elevate their privileges to root on the underlying operating system. If exploited, this vulnerability could lead to unauthorized actions and significant security risks for affected environments. Users running these versions should apply security patches and ensure proper access controls are in place to mitigate the risk.
Affected Version(s)
Storage Scale 5.1.9.0 through 5.1.9.6
Storage Scale 5.2.0.0 through 5.2.1.1
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database