CVE-2020-4278

Published: Mar 5, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137.

Affected (4)

Products: Ibm: Platform Lsf, Spectrum Computing For High Performance Analytics, Spectrum Lsf

3 products

Spectrum Computing For High Performance Analytics

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Platform Lsf	Version 10.1
Ibm Platform Lsf	Version 9.1
Ibm Spectrum Computing For High Performance Analytics	Version 10.2
Ibm Spectrum Lsf	Version 10.2

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/176137

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/3357549

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/176137

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/3357549

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.