Vulnerability Details : CVE-2015-0198
IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors.
Vulnerability category: BypassGain privilege
Products affected by CVE-2015-0198
- cpe:2.3:a:ibm:general_parallel_file_system:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0198
0.64%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0198
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2015-0198
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0198
-
http://www-304.ibm.com/support/docview.wss?uid=swg21902662
IBM Security Bulletin: Multiple vulnerabilities in GPFS affects IBM® DB2® LUW on AIX and Linux (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)
-
http://www.securitytracker.com/id/1032880
IBM DB2 Lets Local and Remote Users Gain Root Privileges and Local Users Deny Service - SecurityTracker
-
http://www-01.ibm.com/support/docview.wss?uid=isg3T1022062
IBM Security Bulletin: IBM General Parallel File System is affected by security vulnerabilities (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/73278
IBM General Parallel File System CVE-2015-0198 Unspecified Remote Code Execution Vulnerability
Jump to