Jul 19, 2020 - 12:49 a.m.

Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry(CVE-2015-5240 CVE-2015-3280)

2020-07-19 00:49:12
www.ibm.com

CVSS2: 6.8 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

Summary

IBM SmartCloud Entry is vulnerable to a Nova vulnerability that allows a remote authenticated attacker to cause a denial of service.
IBM SmartCloud Entry is vulnerable to a Neutron vulnerability that allows an attacker to bypass firewall rules and gain access to applications.

Vulnerability Details

CVEID: CVE-2015-5240
DESCRIPTION: OpenStack Neutron could allow a remote authenticated attacker to bypass security restrictions, caused by an error when the device owner of an instance’s port is modified immediately following port creation. An attacker could exploit this vulnerability using the port update to bypass firewall rules and gain access to the application.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106231 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-3280
DESCRIPTION: OpenStack Nova is vulnerable to a denial of service, caused by an error when an image is deleted while in resize state. A remote authenticated attacker could exploit this vulnerability using the original image from the compute node to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106083 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

IBM SmartCloud Entry 3.2 through Appliance fix pack 18
IBM SmartCloud Entry 3.1 through Appliance fix pack 18

Remediation/Fixes

Product| VRMF| APAR| Remediation/First Fix
---|---|---|---
IBM SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2 Appliance fix pack 19: http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%3FOther%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=3.2.0.4&platform=All&function=fixId&fixids=3.2.0.4-IBM-SCE_APPL-FP19&includeSupersedes=0
IBM SmartCloud Entry| 3.1| None| IBM SmartCloud Entry 3.1 Appliance fix pack 19: http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%3FOther%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=3.1.0.4&platform=All&function=fixId&fixids=3.1.0.4-IBM-SCE_APPL-FP19&includeSupersedes=0

Workarounds and Mitigations

None
