Multiple vulnerabilities in IBM Storage Scale Container Native Storage Access
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2022-41738 CVE-2022-41737 |
| CWE-ID | CWE-287 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Storage Scale Container Native Storage Access Other software / Other software solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper Authentication
EUVDB-ID: #VU91594
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-41738
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A remote attacker can initiate connections to containers from external networks.
MitigationInstall update from vendor's website.
Vulnerable software versionsStorage Scale Container Native Storage Access: before 5.1.9.1
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7095312
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Authentication
EUVDB-ID: #VU91593
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-41737
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A local user can initiate connections from a container outside the current namespace.
MitigationInstall update from vendor's website.
Vulnerable software versionsStorage Scale Container Native Storage Access: before 5.1.9.1
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7095312
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
