7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
55.3%
Public disclosed vulnerability from OpenSSL in the Fabric OS (FOS) used by IBM b-type SAN directors and switches.
CVEID:CVE-2021-4044
**DESCRIPTION:**OpenSSL could allow a remote attacker to bypass security restrictions, caused by invalid handling of X509_verify_cert() internal errors in libssl. By using a specially crafted certificate chain an attacker could induce incorrect, application dependent behaviour and cause a crash or infinite loop.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215348 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H)
Affected Product(s) | Version(s) |
---|---|
FOS | 7.X prior to 7.4.2j |
FOS | 8.X prior to 8.2.3c |
FOS | 9.0.X prior to 9.0.1e |
FOS | 9.1.X prior to 9.1.1 |
Product | VRMF | Fix |
---|---|---|
FOS | 9.1.1 | <https://www.ibm.com/support/pages/node/6371270> |
FOS | 9.0.1e |
<https://www.ibm.com/support/pages/node/6371270>
FOS| 8.2.3c|
https://www.ibm.com/support/pages/ibm-san-b-type-firmware-version-8x-qualification
FOS| 7.4.2j|
<https://www.ibm.com/support/pages/ibm-san-b-type-firmware-version-7x-qualification>
CPE | Name | Operator | Version |
---|---|---|---|
fos 7.x prior to | eq | 7.4.2j | |
fos 8.x prior to | eq | 8.2.3c | |
fos 9.0.x prior to | eq | 9.0.1e | |
fos 9.1.x prior to | eq | 9.1.1 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
55.3%