Vulnerabilities > CVE-2020-4926 - Missing Authorization vulnerability in IBM Elastic Storage System and Spectrum Scale

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

ibm

CWE-862

critical

NVD

Published: 2022-05-24

Updated: 2022-06-07

Summary

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Elastic Storage System - IBM Elastic Storage System 6.0.0 IBM Elastic Storage System 6.0.0.1 IBM Elastic Storage System 6.0.0.2 IBM Elastic Storage System 6.0.1.0 IBM Elastic Storage System 6.0.1.1 IBM Elastic Storage System 6.0.1.2 IBM Elastic Storage System 6.0.2.0 IBM Elastic Storage System 6.1.0.0 IBM Elastic Storage System 6.1.2.6 IBM Spectrum Scale - IBM Spectrum Scale 4.1.0.0 IBM Spectrum Scale 4.1.1.0 IBM Spectrum Scale 4.1.1.1 IBM Spectrum Scale 4.1.1.2 IBM Spectrum Scale 4.1.1.3 IBM Spectrum Scale 4.1.1.4 IBM Spectrum Scale 4.1.1.5 IBM Spectrum Scale 4.1.1.6 IBM Spectrum Scale 4.1.1.7 IBM Spectrum Scale 4.1.1.8 IBM Spectrum Scale 4.1.1.9 IBM Spectrum Scale 4.1.1.10 IBM Spectrum Scale 4.1.1.11 IBM Spectrum Scale 4.1.1.12 IBM Spectrum Scale 4.1.1.13 IBM Spectrum Scale 4.1.1.14 IBM Spectrum Scale 4.1.1.15 IBM Spectrum Scale 4.1.1.16 IBM Spectrum Scale 4.1.1.17 IBM Spectrum Scale 4.1.1.18 IBM Spectrum Scale 4.1.1.19 IBM Spectrum Scale 4.1.1.20 IBM Spectrum Scale 4.1.1.21 IBM Spectrum Scale 4.1.1.22 IBM Spectrum Scale 4.1.1.23 IBM Spectrum Scale 4.2.0.0 IBM Spectrum Scale 4.2.0.1 IBM Spectrum Scale 4.2.0.2 IBM Spectrum Scale 4.2.0.3 IBM Spectrum Scale 4.2.0.4 IBM Spectrum Scale 4.2.1 IBM Spectrum Scale 4.2.2.0 IBM Spectrum Scale 4.2.3.0 IBM Spectrum Scale 4.2.3.1 IBM Spectrum Scale 4.2.3.2 IBM Spectrum Scale 4.2.3.3 IBM Spectrum Scale 4.2.3.4 IBM Spectrum Scale 4.2.3.5 IBM Spectrum Scale 4.2.3.6 IBM Spectrum Scale 4.2.3.7 IBM Spectrum Scale 4.2.3.8 IBM Spectrum Scale 4.2.3.9 IBM Spectrum Scale 4.2.3.10 IBM Spectrum Scale 4.2.3.11 IBM Spectrum Scale 4.2.3.12 IBM Spectrum Scale 4.2.3.13 IBM Spectrum Scale 4.2.3.14 IBM Spectrum Scale 4.2.3.15 IBM Spectrum Scale 4.2.3.17 IBM Spectrum Scale 4.2.3.18 IBM Spectrum Scale 4.2.3.19 IBM Spectrum Scale 4.2.3.20 IBM Spectrum Scale 4.2.3.21 IBM Spectrum Scale 4.2.3.22 IBM Spectrum Scale 4.2.3.23 IBM Spectrum Scale 5.0.0 IBM Spectrum Scale 5.0.0.0 IBM Spectrum Scale 5.0.0.1 IBM Spectrum Scale 5.0.0.2 IBM Spectrum Scale 5.0.1.0 IBM Spectrum Scale 5.0.1.1 IBM Spectrum Scale 5.0.1.2 IBM Spectrum Scale 5.0.2.0 IBM Spectrum Scale 5.0.2.1 IBM Spectrum Scale 5.0.2.2 IBM Spectrum Scale 5.0.2.3 IBM Spectrum Scale 5.0.3.2 IBM Spectrum Scale 5.0.4.0 IBM Spectrum Scale 5.0.4.1 IBM Spectrum Scale 5.0.4.2 IBM Spectrum Scale 5.0.4.3 IBM Spectrum Scale 5.0.4.4 IBM Spectrum Scale 5.0.5 IBM Spectrum Scale 5.0.5.0 IBM Spectrum Scale 5.0.5.2 IBM Spectrum Scale 5.0.5.4 IBM Spectrum Scale 5.0.5.5 IBM Spectrum Scale 5.0.5.6 IBM Spectrum Scale 5.0.5.7 IBM Spectrum Scale 5.1.0 IBM Spectrum Scale 5.1.0.0 IBM Spectrum Scale 5.1.0.1 IBM Spectrum Scale 5.1.0.2 IBM Spectrum Scale 5.1.1.0 IBM Spectrum Scale 5.1.1.1 IBM Spectrum Scale 5.1.2.8 IBM Spectrum Scale 5.1.2.9	98
OS	Linux Linux Linux Kernel -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References