9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
IBM SmartCloud Entry is vulnerable to Qemu-kvm vulnerabilities. Attackers could overflow a buffer and execute arbitrary code on the system or cause the application to crash, or could exploit these vulnerabilities to gain elevated privileges on the host system or cause a denial of service, modify access modes and execute arbitrary code on the system with the privileges of the Qemu process, or cause a denial of service.
CVE-2015-7512 CVE-2015-7504 CVE-2016-1714 CVE-2016-3710 CVE-2016-5403
CVEID: CVE-2015-7504**
DESCRIPTION:** Xen is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the QEMU PCNET controller. By sending a specially crafted packet while in the loopback mode, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108358 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2015-7512**
DESCRIPTION:** Qemu is vulnerable to a buffer overflow, caused by improper bounds checking by the AMD PC-Net II emulator. By sending specially crafted packets, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108362 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-1714**
DESCRIPTION:** QEMU could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds read/write access error when processing firmware configurations. An attacker with CAP_SYS_RAWIO capabilities could exploit this vulnerability to gain elevated privileges on the host system or cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110305 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-3710**
DESCRIPTION:** Xen could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict banked access to video memory by the Qemu VGA module. By setting the bank register, an attacker could exploit this vulnerability to modify access modes and execute arbitrary code on the system with the privileges of the Qemu process.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113038 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-5403**
DESCRIPTION:** Xen is vulnerable to a denial of service, caused by an unbounded memory allocation in QEMU. By sending a specially crafted virtio request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115591 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 22
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 22
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM SmartCloud Entry | 3.1 | None | IBM SmartCloud Entry 3.1.0 Appliance Fixpack 23: |
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP23&source=SAR
IBM SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2.0 Appliance Fixpack 23:
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud manager with openstack | eq | 3.1 | |
ibm cloud manager with openstack | eq | 3.2 |
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C