7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
61.2%
Two vulnerabilities affect BladeCenter SAS RAID Module.
Two vulnerabilities affect BladeCenter SAS RAID Module.
Vulnerability Details:
CVE-ID: CVE-2014-3018
Description: IBM SAS Connectivity Module (NSSM) and SAS RAID Module (RSSM) contain a denial of service when a large amount of IP packets are directed toward the device which would cause the device to reboot.
CVSS Base Score: 5.0
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93052> for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-3019
Description: IBM SAS Connectivity Module (NSSM) and SAS RAID Controller Module (RSSM) contain an unauthenticated telnet port that could allow a remote attacker to gain access to certain functions of the blade and storage pools.
CVSS Base Score: 6.4
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93054> for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P)
The following versions of IBM BladeCenter SAS RAID Module (RSSM) are affected:
It is recommended to apply the following fixes, available from IBM Fix Central:
None