5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
There is a vulnerability in Open Source OpenSSL version that is used by the IBM FlashSystem 900. An exploit of this vulnerability could result in a denial of service.
CVEID: CVE-2015-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101666 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
IBM FlashSystem 900 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE2 and 9843-AE2.
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
FlashSystem
**900 MTMs: **
9840-AE2 &
9843-AE2| A code fix is now available, the VRMF of this code level is 1.2.1.7 (or later)| N/A
| No work arounds or mitigations, other than applying this code fix, are known for this vulnerability
1.2.1.7 is available @ IBM’s Fix Central**:**900 fixes, download 1.2.1.7 or later
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm flashsystem 900 | eq | any |