{"api_version":"1","generated_at":"2026-05-06T23:30:05+00:00","cve":"CVE-2021-29740","urls":{"html":"https://cve.report/CVE-2021-29740","api":"https://cve.report/api/cve/CVE-2021-29740.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-29740","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-29740"},"summary":{"title":"CVE-2021-29740","description":"IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2021-06-01 14:15:00","updated_at":"2021-06-07 19:35:00"},"problem_types":["CWE-134"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/201474","name":"ibm-spectrum-cve202129740-priv-escalation (201474)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ibm.com/support/pages/node/6457629","name":"https://www.ibm.com/support/pages/node/6457629","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: A format string security vulnerability has been identified in IBM Spectrum Scale (CVE-2021-29740)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-29740","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29740","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"29740","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"spectrum_scale","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-29740","qid":"376681","title":"IBM Spectrum Scale Format String Security Vulnerability (6457629)"}]},"source_records":{"cve_program":{"impact":{"cvssv3":{"TM":{"RL":"O","E":"U","RC":"C"},"BM":{"I":"H","S":"U","AC":"L","A":"H","PR":"N","C":"H","AV":"L","SCORE":"8.400","UI":"N"}}},"data_version":"4.0","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Gain Privileges"}]}]},"CVE_data_meta":{"ID":"CVE-2021-29740","ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2021-05-31T00:00:00","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"product_name":"Spectrum Scale","version":{"version_data":[{"version_value":"5.0.0"},{"version_value":"5.1.0"},{"version_value":"5.0.5.6"},{"version_value":"5.1.0.3"}]}}]}}]}},"data_type":"CVE","description":{"description_data":[{"value":"IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.","lang":"eng"}]},"data_format":"MITRE","references":{"reference_data":[{"url":"https://www.ibm.com/support/pages/node/6457629","refsource":"CONFIRM","name":"https://www.ibm.com/support/pages/node/6457629","title":"IBM Security Bulletin 6457629 (Spectrum Scale)"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/201474","title":"X-Force Vulnerability Report","name":"ibm-spectrum-cve202129740-priv-escalation (201474)","refsource":"XF"}]}},"nvd":{"publishedDate":"2021-06-01 14:15:00","lastModifiedDate":"2021-06-07 19:35:00","problem_types":["CWE-134"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1.0","versionEndExcluding":"5.1.1.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0.0","versionEndExcluding":"5.0.5.7","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"29740","Ordinal":"204970","Title":"CVE-2021-29740","CVE":"CVE-2021-29740","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"29740","Ordinal":"1","NoteData":"IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"29740","Ordinal":"2","NoteData":"2021-06-01","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"29740","Ordinal":"3","NoteData":"2021-06-01","Type":"Other","Title":"Modified"}]}}}