Vulnerability Details : CVE-2021-29740
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2021-29740
- cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-29740
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~8% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-29740
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
8.4 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 | IBM Corporation | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2021-29740
- The product uses a function that accepts a format string as an argument, but the format string originates from an external source. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-29740
- https://www.ibm.com/support/pages/node/6457629
  Security Bulletin: A format string security vulnerability has been identified in IBM Spectrum Scale (CVE-2021-29740) (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/201474
  IBM Spectrum Scale privilege escalation CVE-2021-29740 Vulnerability Report (VDB Entry; Vendor Advisory)