2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
IBM SmartCloud Entry is vulnerable to a strongSwan issue, which allows a remote authenticated attacker exploit this vulnerability to obtain user credentials and other sensitive information.
CVEID: CVE-2015-4171**
DESCRIPTION:** strongSwan could allow a remote authenticated attacker to obtain sensitive information, caused by an error in IKEv2 connections related to server authentication with a certificate and EAP or pre-shared keys. An attacker could exploit this vulnerability to obtain user credentials and other sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103885 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 3
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 3
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 3
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 17
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 17
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM SmartCloud Entry| 2.2| None| IBM SmartCloud Entry 2.2.0 Appliance fix pack 4:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+Starter+Kit+for+Cloud&release=All&platform=All&function=fixId&fixids=2.2.0.4-IBM-SKC_APPL-FP004&includeSupersedes=0
IBM SmartCloud Entry| 2.3| None| IBM SmartCloud Entry 2.3.0 Appliance fix pack 4:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=+2.3.0.4-IBM-SCE_APPL-FP004+&includeSupersedes=0
IBM SmartCloud Entry| 2.4| None| IBM SmartCloud Entry 2.4.0 Appliance fix pack 4:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=+2.4.0.4-IBM-SCE_APPL-FP004+&includeSupersedes=0
IBM SmartCloud Entry| 3.1| None| IBM SmartCloud Entry 3.1.0 Appliance fix pack 18:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=3.1.0&platform=All&function=fixId&fixids=+3.1.0.4-IBM-SCE_APPL-FP18+&includeSupersedes=0
IBM SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2.0 Appliance fix pack 18:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=+3.2.0.4-IBM-SCE_APPL-FP18+&includeSupersedes=0
None