CVE-2022-22411

MEDIUM

IBM Spectrum Scale DAS <5.1.3.1 - Code Injection

Title source: llm
STIX 2.1

Description

IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6610277
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/223016

Scores

CVSS v3 6.5
EPSS 0.0009
EPSS Percentile 26.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-732
Status published
Products (1)
ibm/spectrum_scale_data_access_services 5.1.3.1
Published Aug 10, 2022
Tracked Since Feb 18, 2026