March 17, 2021
Severity
Medium
Analysis Summary
CVE-2020-4891
IBM Spectrum Scale uses an inadequate account lockout setting that could allow a local user to brute force REST API account credentials.
CVE-2020-4890
IBM Spectrum Scale could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absent rate limiting.
CVE-2020-4851
IBM Spectrum Scale could allow a local user to poison log files, which could impact support and development efforts.
Impact
- Information disclosure
- Denial of service
- Data manipulation
Affected Vendors
IBM
Affected Products
- IBM Spectrum Scale 5.0.0
- IBM Spectrum Scale 5.0.5.5
- IBM Spectrum Scale 5.1.0
- IBM Spectrum Scale 5.1.0.2
Remediation
Refer to IBM Security Bulletin 6405774 for patch, upgrade or suggested workaround information.