Severity: CVSS 9.6 (Critical)
This advisory details two closely related vulnerabilities affecting versions of Spectrum LSF which can allow an adversary to gain root access to a cluster.
HPCsec took a look at whether the recent critical vulnerabilities in IBM WebSphere (CVE-2020-4448 + CVE-2020-4450) affect Spectrum Scale GUI users.
A vulnerability was identified within IBM Spectrum LSF which made it possible to impersonate other users when submitting jobs for execution. Additionally, it was found to be possible to impersonate and execute jobs as root, even where root job submission is disabled.
A command injection vulnerability in GPFS / Spectrum Scale allows attackers to escalate privileges to root.