7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
IBM Cloud Manager has addressed vulnerabilities in OpenStack Nova/Glance/Cinder.
CVEID: CVE-2015-5162**
DESCRIPTION:** OpenStack Cinder, Glance and Nova are vulnerable to a denial of service, caused by the failure to limit qemu-img calls by the image parser. By using a specially-crafted disk image, a remote authenticated attacker could exploit this vulnerability to consume all available disk space.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118290 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
IBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.7
IBM Cloud Manager with OpenStack 4.1.0 through 4.1.0.5
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM Cloud Manager with OpenStack| 4.3.0| None| IBM Cloud Manager with Openstack 4.3 for fix pack 7:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.3.0.7-IBM-CMWO-FP07&source=SAR&function=fixId&parent=ibm/Other%20software
IBM Cloud Manager with OpenStack| 4.1.0| None| IBM Cloud Manager with Openstack 4.1 interim fix 6 for fix pack 5:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.1.0.5-IBM-CMWO-IF006&source=SAR&function=fixId&parent=ibm/Other
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud manager with openstack | eq | 4.1.0 | |
ibm cloud manager with openstack | eq | 4.3.0 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C