7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.578 Medium
EPSS
Percentile
97.7%
There are vulnerabilities in the Open Source OpenSSL version that is used by the IBM® FlashSystem™ 840 and IBM FlashSystem 900. An exploit of these vulnerabilities could result in a denial of service. One vulnerability can result in a race condition, the result of which is of unknown impact.
CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-1789 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-1791 DESCRIPTION: A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2015-3216 DESCRIPTION: OpenSSL shipped with Red Hat Enterprise Linux is vulnerable to a denial of service, caused by an out-of-bounds memory read error in ssleay_rand_bytes() function. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103915
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
FlashSystem 840 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE1 and 9843-AE1.
FlashSystem 900 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE2 and 9843-AE2.
FS840 & FS900 MTMs
| VRMF| APAR| Remediation/First Fix
—|—|—|—
FlashSystem****840 MTM:
9840-AE1 9843-AE1
FlashSystem 900 MTMs:
9840-AE2 &
9843-AE2| A code fix is now available, the VRMF of this code level is 1.3.0.2 (or later)| _ _N/A| No workarounds or mitigations, other than applying this code fix, are known for this vulnerability
1.3.0.2 is available @ IBM’s Fix Central :840 fixes, download 1.3.0.2 or later
1.3.0.2 is available @ IBM’s Fix Central :900 fixes, download 1.3.0.2 or later
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm flashsystem 900 | eq | any | |
ibm flashsystem 900 | eq | any |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.578 Medium
EPSS
Percentile
97.7%