5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
IBM Cloud Manager with Openstack is vulnerable to a OpenStack Nova vulnerablities. An attacker could exploit this vulnerability to obtain sensitive information by a host data leak in resize/migration.
CVEID: CVE-2016-2140**
DESCRIPTION:** OpenStack Nova could allow a remote authenticated attacker to obtain sensitive information, caused by a host data leak in resize/migration. By overwriting a root disk with a malicious image, an attacker could exploit this vulnerability to read arbitrary files from the compute host and obtain sensitive information.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111366 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
IBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.6
IBM Cloud Manager with OpenStack 4.2.0 through 4.2.0.3
IBM Cloud Manager with OpenStack 4.1.0 through 4.1.0.5
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM Cloud Manager with OpenStack| 4.3.0| None| IBM Cloud Manager with Openstack 4.3 interim fix 3 for fix pack 6:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.3.0.6&platform=All&function=fixId&fixids=+4.3.0.6-IBM-CMWO-IF003+&includeSupersedes=0
IBM Cloud Manager with OpenStack| 4.2.0| None| IBM Cloud Manager with Openstack 4.2 interim fix 8 for fix pack 3:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.2.0.3&platform=All&function=fixId&fixids=+4.2.0.3-IBM-CMWO-IF008+&includeSupersedes=0
IBM Cloud Manager with OpenStack| 4.1.0| None| IBM Cloud Manager with Openstack 4.1 interim fix 4 for fix pack 5:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.1.0.5&platform=All&function=fixId&fixids=+4.1.0.5-IBM-CMWO-IF004+&includeSupersedes=0
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud manager with openstack | eq | 4.1.0 | |
ibm cloud manager with openstack | eq | 4.2.0 | |
ibm cloud manager with openstack | eq | 4.3.0 |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N