History: Jun 15, 2018 - 7:05 a.m.

Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7488)

2018-06-15 07:05:37
www.ibm.com
8

EPSS: 0.002 (Low), Percentile: 59.7%

Summary

A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1 through 4.1.1.3 and V4.2.0.0 that could allow a local, unprivileged user, or a user with network access to the IBM Spectrum Scale cluster, to access the LDAP directory bind user password when the File protocol is deployed with LDAP or LDAP with Kerberos based authentication.

IBM PureApplication System provides a GPFS pattern and addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2015-7488
DESCRIPTION: IBM Spectrum Scale could allow a local, unprivileged user, or a user with network access to the IBM Spectrum Scale cluster, to access the LDAP directory bind user password when the File protocol is deployed with LDAP or LDAP with Kerberos based authentication.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108784 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

· IBM PureApplication System V2.1.2.0 (GPFS Pattern type 1.2.4.0) using IBM GPFS V4.1.1.2
· IBM PureApplication System V2.2.0 (GPFS Pattern type 1.2.5.0) using IBM GPFS V4.1.1.3

Remediation/Fixes

GPFS server or client instances deployed with the affected GPFS Pattern versions are vulnerable. To determine whether a deployed GPFS server or client instance is affected, run the Get Cluster Status operation (for a GPFS server instance) or the GPFS Client Status operation (for a GPFS client instance) and verify the version reported for the GPFS nodes.
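A small version triage for the check described above, as an added example that is not part of the IBM bulletin: it compares reported node versions against the affected Spectrum Scale levels named in the Summary (4.1.1 through 4.1.1.3, and 4.2.0.0). The node names and version strings are constructed, and the versions are assumed to have been copied by hand from the status operation's output, whose format this page does not show.

```python
import re

# Affected IBM Spectrum Scale (GPFS) levels as stated in this bulletin:
# V4.1.1 through 4.1.1.3, and V4.2.0.0 (inclusive bounds).
AFFECTED_RANGES = [
    ((4, 1, 1, 0), (4, 1, 1, 3)),
    ((4, 2, 0, 0), (4, 2, 0, 0)),
]

def parse_version(text):
    """Return a 4-part version tuple, or None if the text is not a version."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+){1,3})\s*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # Pad short forms such as "4.1.1" to four components (4.1.1.0).
    return tuple(parts + [0] * (4 - len(parts)))

def classify(text):
    """Classify one reported version string against the bulletin's ranges."""
    version = parse_version(text)
    if version is None:
        return "unknown"       # needs manual review, never assume safe
    if any(lo <= version <= hi for lo, hi in AFFECTED_RANGES):
        return "affected"
    return "not listed"        # outside the levels this bulletin names

def triage(nodes):
    """Map node name -> status for a dict of node name -> reported version."""
    return {name: classify(ver) for name, ver in nodes.items()}

if __name__ == "__main__":
    # Constructed inventory; node names are hypothetical.
    sample = {
        "gpfs-server-1": "4.1.1.2",
        "gpfs-server-2": "V4.1.1.5",
        "gpfs-client-1": "4.2.0.0",
        "gpfs-client-2": "not reported",
    }
    for name, status in sorted(triage(sample).items()):
        print(f"{name}: {status}")
```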

The solution is to apply the following interim fix:

GPFS 4.1.1.5
http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.1.1.0&platform=Linux&function=fixId&fixids=update-gpfs-4.1.1.5&includeRequisites=0&includeSupersedes=0&downloadMethod=http

Workarounds and Mitigations

None
