Vulnerability Details : CVE-2020-4756
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the kernel and cause a denial of service. IBM X-Force ID: 188599.
Vulnerability category: Denial of service
Products affected by CVE-2020-4756
- cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*
- IBM » Elastic Storage Server, versions from (including) 6.0.0.0 up to (including) 6.0.1.0: cpe:2.3:a:ibm:elastic_storage_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-4756
- 0.04%: Probability of exploitation activity in the next 30 days
- ~6%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-4756
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST | |
| 6.2 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.5 | 3.6 | IBM Corporation | |
| 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2020-4756
- The product does not release or incorrectly releases a resource before it is made available for re-use. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-4756
- https://www.ibm.com/support/pages/node/6349475
  Security Bulletin: A vulnerability in IBM Spectrum Scale packaged in IBM Elastic Storage System could cause a denial of service (CVE-2020-4756) (Patch; Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/188599
  IBM Spectrum Scale and IBM Elastic Storage System denial of service CVE-2020-4756 Vulnerability Report (VDB Entry; Vendor Advisory)
- https://www.ibm.com/support/pages/node/6349469
  Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged local user may cause a denial of service (CVE-2020-4411) (Patch; Vendor Advisory)