5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
IBM SONAS is shipped with GNU glibc, for which a fix is available for a security vulnerability.
CVEID: CVE-2013-7423
DESCRIPTION: GNU glibc could allow a local attacker to obtain sensitive information, caused by an issue that could occur under high load. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 1.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100647> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N)
IBM SONAS
The product is affected when running a code releases 1.5.0.0 to 1.5.2.1
A fix for these issues is in version 1.5.2.2 of IBM SONAS. Customers running an affected version of SONAS should upgrade to 1.5.2.2 or a later version, so that the fix gets applied.
Please contact IBM support for assistance in upgrading your system.
Workaround(s): None
Mitigation(s): None
CPE | Name | Operator | Version |
---|---|---|---|
network attached storage (nas)->scale out network attached storage | eq | 1.5 |