CVE-2025-36104
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-12
Last updated on: 2025-07-23
Assigner: IBM Corporation
Description
Description
IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | storage_scale | 5.2.3.0 |
| ibm | storage_scale | 5.2.3.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-277 | A product defines a set of insecure permissions that are inherited by objects that are created by the program. |
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Storage Scale versions 5.2.3.0 and 5.2.3.1 allows an authenticated user to obtain sensitive information from files because of insecure permissions that are inherited through the SMB protocol.
How can this vulnerability impact me? :
An attacker who is authenticated could access sensitive information from files without proper authorization, potentially leading to data exposure or leakage.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70