Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1B92D87F7BA99C4AD9CBBE9A9751DE2DB03FCBB72AD14CD368B02FF1F8A10EFA
HistoryMar 08, 2021 - 6:46 p.m.

Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2015-7488)

2021-03-0818:46:29
www.ibm.com
3

0.002 Low

EPSS

Percentile

59.7%

JSON

Summary

There is a vulnerability in IBM Spectrum Scale packaged with IBM Spectrum Scale RAID for the Elastic Storage Server and the GPFS Storage Server.

Vulnerability Details

CVEID: CVE-2015-7488**
DESCRIPTION:** IBM Spectrum Scale could allow a local, unprivileged user or a user with network access to the IBM Spectrum Scale cluster_, _ access to the_ _LDAP directory bind user password when File protocol is deployed with LDAP / LDAP with Kerberos based authentication.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108784 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

The Elastic Storage Server versions 3.5, 3.0 and 2.5.

The GPFS Storage Server versions 2.5

Remediation/Fixes

When using the protocol access methods integrated with IBM Spectrum Scale V4.1.1, although those services may not run on Storage Server hardware, fixes for CVE-2015-7488 need to be applied to all nodes in the cluster regardless of whether they are configured as protocol nodes or not. Please reference the associated IBM Spectrum Scale security bulletin at <http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005580&gt;

For the Elastic Storage Server 3.5,0 and 3.5.1, obtain ESS 3.5.2 to upgrade your system

http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale+RAID&release=4.1.1&platform=All&function=all

For the Elastic Storage Server V3.0 and V2.5, you can remediate the vulnerabilities by migrating to the Elastic Storage Server 3.5.2 software which contains IBM Spectrum Scale V4.1.1.4 and IBM Spectrum Scale RAID V4.1.1 available at Fix Central

http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale+RAID&release=4.1.1&platform=All&function=all

In all cases, see the release note for details on installation.

For the GPFS Storage Server 2.5, contact Lenovo at http://shop.lenovo.com/us/en/systems/servers/high-density/gpfs-storage/

Note: The GPFS Storage Server 2.0 is not supported at the IBM Spectrum Scale V4.1.1 level. As such, nodes at that level using the integrated protocol access methods are not supported in a cluster with a GSS 2.0.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spectrum scale raideq4.1

Related

prion 1
cvelist 1
ibm 4
nvd 1
cve 1
prion
prion
Design/Logic Flaw
2016-01-27 05:59:00
cvelist
cvelist
CVE-2015-7488
2016-01-27 02:00:00
ibm
ibm
Security Bulletin: IBM Spectrum Scale is affected by a security vulnerability (CVE-2015-7488)
2018-08-01 21:11:12
Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7488)
2018-06-15 07:05:37
Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2015-7488)
2021-03-08 18:46:02
nvd
nvd
CVE-2015-7488
2016-01-27 05:59:02
cve
cve
CVE-2015-7488
2016-01-27 05:59:02

0.002 Low

EPSS

Percentile

59.7%

JSON
Related for 1B92D87F7BA99C4AD9CBBE9A9751DE2DB03FCBB72AD14CD368B02FF1F8A10EFA
prion1cvelist1ibm4nvd1cve1