Skip to main content

General Parallel File System CVE-2015-4974

HIGH
Command Injection (CWE-77)
2015-10-26 psirt@us.ibm.com
7.2
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Local
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Oct 26, 2015 - 02:59 cve.org
HIGH 7.2

DescriptionCVE.org

IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.

AnalysisAI

IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors. Affected products include: Ibm General Parallel File System, Ibm Spectrum Scale. Version information: before 3.5.0.27.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2015-0198 CRITICAL
10.0 Mar 24

IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain ciph

CVE-2016-6115 HIGH
7.2 Feb 01

IBM General Parallel File System is vulnerable to a buffer overflow. Rated high severity (CVSS 7.2), this vulnerability

CVE-2018-1431 HIGH
7.8 Jun 13

A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attac

CVE-2015-0197 HIGH
7.2 Mar 24

IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local us

CVE-2016-2985 HIGH
7.0 Nov 25

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before

CVE-2016-2984 HIGH
7.0 Nov 25

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before

CVE-2016-0361 MEDIUM
6.5 Aug 08

IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Sc

CVE-2015-0199 MEDIUM
4.9 Mar 24

The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1

CVE-2014-0834 MEDIUM
4.0 Feb 04

IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial

CVE-2015-7403 MEDIUM
4.0 Jan 02

IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x throug

CVE-2015-1890 LOW
3.5 Apr 06

/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentiall

CVE-2015-4981 LOW
2.1 Oct 26

IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before

Share

CVE-2015-4974 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy