CVE-2022-43869 : IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM

IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539.

Published 2023-02-12 04:15:16

Updated 2023-02-21 20:40:28

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2022-43869

IBM » Spectrum Scale
Versions from including (>=) 5.1.3.0 and up to, including, (<=) 5.1.5.1
cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
IBM » Spectrum Scale
Versions from including (>=) 5.1.0.0 and up to, including, (<=) 5.1.2.8
cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
IBM » Elastic Storage System
Versions from including (>=) 6.1.0.0 and up to, including, (<=) 6.1.2.4
cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
IBM » Elastic Storage System
Versions from including (>=) 6.1.3.0 and up to, including, (<=) 6.1.4.1
cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-43869

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-43869

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	IBM Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-43869

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Assigned by: psirt@us.ibm.com (Primary)

References for CVE-2022-43869

https://www.ibm.com/support/pages/node/6909465

Security Bulletin: IBM Spectrum Scale GUI is vulnerable to "Format string attack" (CVE-2022-43869)
Patch;Vendor Advisory
https://www.ibm.com/support/pages/node/6909469

Security Bulletin: A vulnerability may affect the IBM Elastic Storage System GUI (CVE-2022-43869)
Patch;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/239539

VDB Entry;Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-43869

Products affected by CVE-2022-43869

Exploit prediction scoring system (EPSS) score for CVE-2022-43869

CVSS scores for CVE-2022-43869

CWE ids for CVE-2022-43869

References for CVE-2022-43869