Vulnerability Details : CVE-2016-2985
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.
Exploit prediction scoring system (EPSS) score for CVE-2016-2985
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-2985
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
CWE ids for CVE-2016-2985
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2985
-
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007994
IBM Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by security vulnerabilities (CVE-2016-2985 and CVE-2016-2984)Vendor Advisory
-
http://www.securityfocus.com/bid/92408
IBM Spectrum Scale and IBM GPFS Local Command Execution Vulnerability
Products affected by CVE-2016-2985
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system:3.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:4.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:4.1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:4.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:4.1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:4.1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:4.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:4.2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:4.1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:4.1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:4.2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:4.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:4.1.1.7:*:*:*:*:*:*:*