CVE-2022-41739

IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.

CVSS v3 7.9 HIGH

7.9^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.5 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/237815	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6964568	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/237815	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6964568	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:23

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/237815 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/237815 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/6964568 - Patch, Vendor Advisory~~	() https://www.ibm.com/support/pages/node/6964568 - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~8.4~~	v2 : unknown v3 : 7.9

Information

Published : 2023-04-26 03:15

Updated : 2024-11-21 07:23

NVD link : CVE-2022-41739

Mitre link : CVE-2022-41739

CVE.ORG link : CVE-2022-41739

JSON object : View

Products Affected

ibm

spectrum_scale_container_native_storage_access

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-41739", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.0}]}, "published": "2023-04-26T03:15:08.767", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237815", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6964568", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237815", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/6964568", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "\nIBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.\n\n"}], "lastModified": "2024-11-21T07:23:46.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC2FE9BB-F845-48CF-8A61-F626F6370E90", "versionEndIncluding": "5.1.6.0", "versionStartIncluding": "5.1.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}