CVE-2015-0198

IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=isg3T1022062	Patch Vendor Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21902662
http://www.securityfocus.com/bid/73278
http://www.securitytracker.com/id/1032880

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:general_parallel_file_system:3.4:::::::*
	cpe:2.3:a:ibm:general_parallel_file_system:3.5:::::::*
	cpe:2.3:a:ibm:general_parallel_file_system:4.1:::::::*

History

No history.

Information

Published : 2015-03-24 02:01

Updated : 2024-02-04 18:35

NVD link : CVE-2015-0198

Mitre link : CVE-2015-0198

CVE.ORG link : CVE-2015-0198

JSON object : View

Products Affected

ibm

general_parallel_file_system

CWE

CWE-287

Improper Authentication

{"id": "CVE-2015-0198", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-24T02:01:40.463", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1022062", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21902662", "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/73278", "source": "psirt@us.ibm.com"}, {"url": "http://www.securitytracker.com/id/1032880", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors."}, {"lang": "es", "value": "IBM General Parallel File System (GPFS) 3.4 anterior a 3.4.0.32, 3.5 anterior a 3.5.0.24, y 4.1 anterior a 4.1.0.7 en ciertas configuraciones cipherList permite a atacantes remotos evadir la autenticaci\u00f3n y ejecutar programas arbitrarios como root a trav\u00e9s de vectores no especificados."}], "lastModified": "2016-12-31T02:59:15.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:general_parallel_file_system:3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6C20DD7-88C1-4916-A063-878C95900841"}, {"criteria": "cpe:2.3:a:ibm:general_parallel_file_system:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F13ADEA-CFB7-4302-B7F2-74EF70F08FC9"}, {"criteria": "cpe:2.3:a:ibm:general_parallel_file_system:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BE25822-329B-435C-B542-CD108A490FB4"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}