CVE-2016-0392
IBM GPFS / Spectrum Scale Command Injection
Severity Score
8.4
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program.
IBM General Parallel File System (GPFS) en GPFS Storage Server 2.0.0 hasta la versión 2.0.7 y Elastic Storage Server 2.5.x hasta la versión 2.5.5, 3.x en versiones anteriores a 3.5.5 y 4.x en versiones anteriores a 4.0.3, según se distribuye en Spectrum Scale RAID, permite a usuarios locales obtener privilegios a través de un parámetro manipulado en un programa setuid.
IBM GPFS version 4.1.0.0 through 4.1.0.8 and 3.5.0.0 through 3.5.0.30 along with Spectrum Scale versions 4.2.0.0 through 4.2.0.2 and 4.1.1.0 through 4.1.1.6 suffer from a command injection vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-12-08 CVE Reserved
- 2016-06-08 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/137373/IBM-GPFS-Spectrum-Scale-Command-Injection.html | X_refsource_misc |
|
| http://www.securityfocus.com/archive/1/538620/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/91082 | Vdb Entry | |
| http://www.securitytracker.com/id/1036458 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005875 | 2018-10-09 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV84206 | 2018-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 2.5.0 Search vendor "Ibm" for product "Elastic Storage Server" and version "2.5.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 2.5.1 Search vendor "Ibm" for product "Elastic Storage Server" and version "2.5.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 2.5.2 Search vendor "Ibm" for product "Elastic Storage Server" and version "2.5.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 2.5.3 Search vendor "Ibm" for product "Elastic Storage Server" and version "2.5.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 2.5.4 Search vendor "Ibm" for product "Elastic Storage Server" and version "2.5.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 2.5.5 Search vendor "Ibm" for product "Elastic Storage Server" and version "2.5.5" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 3.0.0 Search vendor "Ibm" for product "Elastic Storage Server" and version "3.0.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 3.0.1 Search vendor "Ibm" for product "Elastic Storage Server" and version "3.0.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 3.0.2 Search vendor "Ibm" for product "Elastic Storage Server" and version "3.0.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 3.0.3 Search vendor "Ibm" for product "Elastic Storage Server" and version "3.0.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 3.0.4 Search vendor "Ibm" for product "Elastic Storage Server" and version "3.0.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 3.0.5 Search vendor "Ibm" for product "Elastic Storage Server" and version "3.0.5" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 3.5.0 Search vendor "Ibm" for product "Elastic Storage Server" and version "3.5.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 3.5.1 Search vendor "Ibm" for product "Elastic Storage Server" and version "3.5.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 3.5.2 Search vendor "Ibm" for product "Elastic Storage Server" and version "3.5.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 3.5.3 Search vendor "Ibm" for product "Elastic Storage Server" and version "3.5.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 3.5.4 Search vendor "Ibm" for product "Elastic Storage Server" and version "3.5.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 4.0.0 Search vendor "Ibm" for product "Elastic Storage Server" and version "4.0.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 4.0.1 Search vendor "Ibm" for product "Elastic Storage Server" and version "4.0.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Elastic Storage Server Search vendor "Ibm" for product "Elastic Storage Server" | 4.0.2 Search vendor "Ibm" for product "Elastic Storage Server" and version "4.0.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | General Parallel File System Storage Server Search vendor "Ibm" for product "General Parallel File System Storage Server" | 2.0.0 Search vendor "Ibm" for product "General Parallel File System Storage Server" and version "2.0.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | General Parallel File System Storage Server Search vendor "Ibm" for product "General Parallel File System Storage Server" | 2.0.1 Search vendor "Ibm" for product "General Parallel File System Storage Server" and version "2.0.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | General Parallel File System Storage Server Search vendor "Ibm" for product "General Parallel File System Storage Server" | 2.0.2 Search vendor "Ibm" for product "General Parallel File System Storage Server" and version "2.0.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | General Parallel File System Storage Server Search vendor "Ibm" for product "General Parallel File System Storage Server" | 2.0.3 Search vendor "Ibm" for product "General Parallel File System Storage Server" and version "2.0.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | General Parallel File System Storage Server Search vendor "Ibm" for product "General Parallel File System Storage Server" | 2.0.4 Search vendor "Ibm" for product "General Parallel File System Storage Server" and version "2.0.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | General Parallel File System Storage Server Search vendor "Ibm" for product "General Parallel File System Storage Server" | 2.0.5 Search vendor "Ibm" for product "General Parallel File System Storage Server" and version "2.0.5" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | General Parallel File System Storage Server Search vendor "Ibm" for product "General Parallel File System Storage Server" | 2.0.6 Search vendor "Ibm" for product "General Parallel File System Storage Server" and version "2.0.6" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | General Parallel File System Storage Server Search vendor "Ibm" for product "General Parallel File System Storage Server" | 2.0.7 Search vendor "Ibm" for product "General Parallel File System Storage Server" and version "2.0.7" | - |
Affected
| ||||||