9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
IBM SmartCloud Entry is vulnerable to several Python vulnerabilities. Remote Attackers can exploit them to execute arbitrary code or obtain sensetive information.
CVEID: CVE-2013-1752**
DESCRIPTION:** Python SSL module is vulnerable to denial of service, caused by an unlimited readline() function call. A remote attacker could exploit this vulnerability to exhaust all available memory resources.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90056 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2014-1912**
DESCRIPTION:** Python is vulnerable to a buffer overflow, caused by improper bounds checking by sock_recvfrom_into() function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90931 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-4650**
DESCRIPTION:** Python CGIHTTPServer module could allow a remote attacker to obtain sensitive information, caused by the failure to properly handle URL-encoded path separators in URLs. An attacker could exploit this vulnerability to obtain the source code of CGI scripts.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93932 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-7185**
DESCRIPTION:** Python could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in bufferobject.c. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/96193 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 17
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 17
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM SmartCloud Entry| 3.1| None| IBM SmartCloud Entry 3.1.0 Appliance fix pack 18:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=+3.1.0.4-IBM-SCE_APPL-FP18+&includeSupersedes=0
IBM SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2.0 Appliance fix pack 18:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=3.2.0.4-IBM-SCE_APPL-FP18&includeSupersedes=0
None known
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud manager with openstack | eq | 3.1 | |
ibm cloud manager with openstack | eq | 3.2 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P