6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
IBM SmartCloud Entry is vulnerable to a Nova vulnerability that allows a remote authenticated attacker to cause a denial of service.
IBM SmartCloud Entry is vulnerable to a Neutron vulnerability that allows an attacker to bypass firewall rules and gain access to applications.
CVEID: CVE-2015-5240**
DESCRIPTION:** OpenStack Neutron could allow a remote authenticated attacker to bypass security restrictions, caused by an error when the device owner of an instance’s port is modified immediately following port creation. An attacker could exploit this vulnerability using the port update to bypass firewall rules and gain access to the application.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106231 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2015-3280**
DESCRIPTION:** OpenStack Nova is vulnerable to a denial of service, caused by an error when an image is deleted while in resize state. A remote authenticated attacker could exploit this vulnerability using the original image from the compute node to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106083 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
IBM SmartCloud Entry 3.2 through Appliance fix pack 18
IBM SmartCloud Entry 3.1 through Appliance fix pack 18
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2 Appliance fix pack 19:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%3FOther%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=3.2.0.4&platform=All&function=fixId&fixids=3.2.0.4-IBM-SCE_APPL-FP19&includeSupersedes=0
IBM SmartCloud Entry| 3.1| None| IBM SmartCloud Entry 3.1 Appliance fix pack 19:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%3FOther%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=3.1.0.4&platform=All&function=fixId&fixids=3.1.0.4-IBM-SCE_APPL-FP19&includeSupersedes=0
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud manager with openstack | eq | 3.1 | |
ibm cloud manager with openstack | eq | 3.2 |