CVE-2024-31891

{"id": "CVE-2024-31891", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-12-14T13:15:17.630", "references": [{"url": "https://www.ibm.com/support/pages/node/7178098", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 \n\ncontains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system."}, {"lang": "es", "value": "IBM Storage Scale GUI 5.1.9.0 a 5.1.9.6 y 5.2.0.0 a 5.2.1.1 contiene una vulnerabilidad de escalada de privilegios locales. Un actor malintencionado con acceso de l\u00ednea de comandos al usuario 'scalemgmt' puede elevar los privilegios para obtener acceso ra\u00edz al sistema operativo host."}], "lastModified": "2025-07-25T20:57:17.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:storage_scale:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10D89EC1-B7FA-4DFB-B1F8-E2117B70B6EA", "versionEndExcluding": "5.1.9.7", "versionStartIncluding": "5.1.9.0"}, {"criteria": "cpe:2.3:a:ibm:storage_scale:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A39FAEE-68DE-42C3-BE32-693A6054946F", "versionEndExcluding": "5.2.2.0", "versionStartIncluding": "5.2.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}