What is the severity of CVE-2017-1654?

CVE-2017-1654 has a medium severity rating due to its potential impact on local user data exposure.

How do I fix CVE-2017-1654?

To mitigate CVE-2017-1654, upgrade IBM Spectrum Scale to version 4.2.4 or later.

Who is affected by CVE-2017-1654?

CVE-2017-1654 affects users of IBM Spectrum Scale versions 4.1.1 to 4.2.3 and IBM General Parallel File System 4.1.0.0 to 4.1.0.8.

What type of vulnerability is CVE-2017-1654?

CVE-2017-1654 is a local information disclosure vulnerability allowing unauthorized access to dump files.

Can CVE-2017-1654 lead to data exposure?

Yes, CVE-2017-1654 could allow unprivileged local users to access sensitive information from dump files.

Vulnerability/
CVE-2017-1654

medium

CWE

200

2/3/2018

16/9/2024

CVE-2017-1654: Infoleak

First published: Fri Mar 02 2018(Updated: )

IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Spectrum Scale	>=4.1.1.0<=4.1.1.18
IBM Spectrum Scale	>=4.2.0.0<=4.2.0.4
IBM Spectrum Scale	>=4.2.1.0<=4.2.1.2
IBM Spectrum Scale	>=4.2.2.0<=4.2.2.3
IBM Spectrum Scale	>=4.2.3.0<=4.2.3.6
IBM Spectrum Scale	=5.0.0.0
IBM General Parallel File System Storage Server	=4.1.0.0
IBM General Parallel File System Storage Server	=4.1.0.1
IBM General Parallel File System Storage Server	=4.1.0.2
IBM General Parallel File System Storage Server	=4.1.0.3
IBM General Parallel File System Storage Server	=4.1.0.4
IBM General Parallel File System Storage Server	=4.1.0.5
IBM General Parallel File System Storage Server	=4.1.0.6
IBM General Parallel File System Storage Server	=4.1.0.7
IBM General Parallel File System Storage Server	=4.1.0.8

Remedy

http://www.ibm.com/support/docview.wss?uid=ssg1S1010869

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1654?
CVE-2017-1654 has a medium severity rating due to its potential impact on local user data exposure.
How do I fix CVE-2017-1654?
To mitigate CVE-2017-1654, upgrade IBM Spectrum Scale to version 4.2.4 or later.
Who is affected by CVE-2017-1654?
CVE-2017-1654 affects users of IBM Spectrum Scale versions 4.1.1 to 4.2.3 and IBM General Parallel File System 4.1.0.0 to 4.1.0.8.
What type of vulnerability is CVE-2017-1654?
CVE-2017-1654 is a local information disclosure vulnerability allowing unauthorized access to dump files.
Can CVE-2017-1654 lead to data exposure?
Yes, CVE-2017-1654 could allow unprivileged local users to access sensitive information from dump files.

agent/type
agent/references
agent/weakness
agent/author
agent/remedy
agent/severity
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm spectrum scale
version/ibm spectrum scale/4.1.1.0
version/ibm spectrum scale/4.1.1.18
version/ibm spectrum scale/4.2.0.0
version/ibm spectrum scale/4.2.0.4
version/ibm spectrum scale/4.2.1.0
version/ibm spectrum scale/4.2.1.2
version/ibm spectrum scale/4.2.2.0
version/ibm spectrum scale/4.2.2.3
version/ibm spectrum scale/4.2.3.0
version/ibm spectrum scale/4.2.3.6
version/ibm spectrum scale/5.0.0.0
canonical/ibm general parallel file system storage server
version/ibm general parallel file system storage server/4.1.0.0
version/ibm general parallel file system storage server/4.1.0.1
version/ibm general parallel file system storage server/4.1.0.2
version/ibm general parallel file system storage server/4.1.0.3
version/ibm general parallel file system storage server/4.1.0.4
version/ibm general parallel file system storage server/4.1.0.5
version/ibm general parallel file system storage server/4.1.0.6
version/ibm general parallel file system storage server/4.1.0.7
version/ibm general parallel file system storage server/4.1.0.8