{"api_version":"1","generated_at":"2026-05-06T23:28:54+00:00","cve":"CVE-2022-40607","urls":{"html":"https://cve.report/CVE-2022-40607","api":"https://cve.report/api/cve/CVE-2022-40607.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-40607","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-40607"},"summary":{"title":"CVE-2022-40607","description":"IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2022-12-19 20:15:00","updated_at":"2023-11-07 03:52:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/235740","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/235740","refsource":"MISC","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ibm.com/support/pages/node/6848231","name":"https://www.ibm.com/support/pages/node/6848231","refsource":"MISC","tags":[],"title":"Security Bulletin: A vulnerability in IBM Spectrum Scale CSI could allow unauthorized access (CVE-2022-40607)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-40607","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40607","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"40607","vulnerable":"1","versionEndIncluding":"5.1.4.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"spectrum_scale","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"40607","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-40607","ASSIGNER":"psirt@us.ibm.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweId":"CWE-22"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"product_name":"Spectrum Scale","version":{"version_data":[{"version_value":"5.1","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.ibm.com/support/pages/node/6848231","refsource":"MISC","name":"https://www.ibm.com/support/pages/node/6848231"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/235740","refsource":"MISC","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/235740"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2022-12-19 20:15:00","lastModifiedDate":"2023-11-07 03:52:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.3,"impactScore":4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*","versionEndIncluding":"5.1.4.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}