5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
A security vulnerability has been discovered in openLDAP that is embedded in the IBM FSM. This bulletin addresses the vulnerability.
CVEID: CVE-2015-6908**
DESCRIPTION:** OpenLDAP is vulnerable to a denial of service, caused by an assertion error in the ber_get_next() function. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause the slapd service to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106296 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Flex System Manager 1.3.4.x
Flex System Manager 1.3.3.x
Flex System Manager 1.3.2.x
Flex System Manager 1.3.1.x
Flex System Manager 1.3.0.x
Flex System Manager 1.2.x.x
Flex System Manager 1.1.x.x
IBM recommends updating the FSM using the instructions referenced in this table.
Product |
VRMF |
APAR |
Remediation
—|—|—|—
Flex System Manager|
1.3.4.x |
IT14623
| Install fsmfix_1.3.4.0_IT14622_IT14623_IT14624
Flex System Manager|
1.3.3.x |
IT14623
| Install fsmfix_1.3.3.0_IT14622_IT14623_IT14624
Flex System Manager|
1.3.2.x |
IT14623
| Install fsmfix_1.3.2.0_IT14622_IT14623_IT14624
Flex System Manager|
1.3.1.x |
IT14623
| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities.
Flex System Manager|
1.3.0.x |
IT14623
| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities.
Flex System Manager|
1.2.x.x |
IT14623
| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities.
Flex System Manager|
1.1.x.x |
IT14623
| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities.
None
CPE | Name | Operator | Version |
---|---|---|---|
flex system manager node | eq | any |