7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by Real-time Compression Appliance. Real-time Compression Appliance has addressed the applicable CVEs.
CVEID: CVE-2015-0209DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the d2i_ECPrivateKey or EVP_PKCS82PKEY function. An attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system and cause a denial of service.CVSS Base Score: 7.5CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2015-0286DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service.CVSS Base Score: 5CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-0287DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an error related to the reuse of a structure in ASN.1 parsing. An attacker could exploit this vulnerability using an invalid write to corrupt memory and execute arbitrary code on the system.CVSS Base Score: 7.5CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101668 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2015-0288DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference.CVSS Base Score: 5CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-0289DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle missing outer ContentInfo by the PKCS#7 parsing code. An attacker could exploit this vulnerability using a malformed ASN.1-encoded PKCS#7 blob to trigger a NULL pointer dereference.CVSS Base Score: 5CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101669 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-0292DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an error when processing base64 encoded data. An attacker could exploit this vulnerability using specially-crafted base 64 data to corrupt memory and execute arbitrary code on the system and cause a denial of service.CVSS Base Score: 7.5CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101670 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2015-0293DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending a specially-crafted SSLv2 CLIENT-MASTER-KEY message, a remote attacker could exploit this vulnerability to trigger an assertion.CVSS Base Score: 5CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Real-time Compression Appliance releases:
· 4.1
· 3.9
· 3.8
CPE | Name | Operator | Version |
---|---|---|---|
network attached storage (nas)->real-time compression appliances stn6500, stn6800, stn7800 | eq | any |