CVE-2024-31891

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7178098	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:storage_scale::::::::
	cpe:2.3:a:ibm:storage_scale::::::::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-14 13:15

Updated : 2025-07-25 20:57

NVD link : CVE-2024-31891

Mitre link : CVE-2024-31891

CVE.ORG link : CVE-2024-31891

JSON object : View

Products Affected

linux

linux_kernel

ibm

storage_scale

CWE

CWE-250

Execution with Unnecessary Privileges

{"id": "CVE-2024-31891", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-12-14T13:15:17.630", "references": [{"url": "https://www.ibm.com/support/pages/node/7178098", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 \n\ncontains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system."}, {"lang": "es", "value": "IBM Storage Scale GUI 5.1.9.0 a 5.1.9.6 y 5.2.0.0 a 5.2.1.1 contiene una vulnerabilidad de escalada de privilegios locales. Un actor malintencionado con acceso de l\u00ednea de comandos al usuario 'scalemgmt' puede elevar los privilegios para obtener acceso ra\u00edz al sistema operativo host."}], "lastModified": "2025-07-25T20:57:17.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:storage_scale:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10D89EC1-B7FA-4DFB-B1F8-E2117B70B6EA", "versionEndExcluding": "5.1.9.7", "versionStartIncluding": "5.1.9.0"}, {"criteria": "cpe:2.3:a:ibm:storage_scale:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A39FAEE-68DE-42C3-BE32-693A6054946F", "versionEndExcluding": "5.2.2.0", "versionStartIncluding": "5.2.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}