History: Apr 08, 2021 - 8:59 p.m.

Security Bulletin: Vulnerabilities in GPFS affect InfoSphere BigInsights (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

2021-04-08 20:59:42
www.ibm.com

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

GPFS is an IBM component that can be used as a distributed file system in BigInsights. The GPFS that is shipped with InfoSphere BigInsights contains multiple security vulnerabilities. These vulnerabilities could allow a local attacker to execute programs with root privileges, and cause memory corruption. InfoSphere BigInsights has addressed the vulnerabilities.

Vulnerability Details

CVEID: CVE-2015-0197
DESCRIPTION: IBM General Parallel File System could allow a local attacker who has only a non-privileged account to execute programs with root privileges.
CVSS Base Score: 6.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101224 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-0199
DESCRIPTION: IBM General Parallel File System allows attackers to cause kernel memory corruption by issuing specific ioctl calls to a character device provided by the mmfslinux kernel module and escalate privileges or cause a denial of service.
CVSS Base Score: 6.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101226 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-0198
DESCRIPTION: IBM General Parallel File System may not properly authenticate network requests and could allow an attacker to execute programs remotely with root privileges.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101225 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Affected Products and Versions

Customers who have set up GPFS as the BigInsights distributed file system.

IBM InfoSphere BigInsights 2.1 through 3.0.0.2

Remediation/Fixes

The recommended solution is to apply the appropriate fix for this vulnerability. For all the affected versions, apply the interim fix available from Fix Central.
