Lucene search

IBM94740149BF6F0E09FE64342B9294E3BE708B2640CE112CA2C336C51C88B3BB18

HistoryApr 08, 2020 - 5:22 p.m.

Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability in IBM® Runtime Environment Java™ Version 8

2020-04-0817:22:19

www.ibm.com

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Spectrum Scale Transparent Cloud Tiering. The IBM Spectrum Scale Transparent Cloud Tiering have addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2019-2989
**DESCRIPTION:**An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
gpfs.tct.server	1.1.2
gpfs.tct.server	1.1.6
gpfs.tct.server	1.1.1
gpfs.tct.server	1.1.5
gpfs.tct.server	1.1.7
gpfs.tct.server	1.1.3

Remediation/Fixes

For Transparent Cloud Tiering 1.1.1.0 thru 1.1.7.3, apply Transparent Cloud Tiering 1.1.7.4 bundled with IBM Spectrum Scale V5.0.4.3 available from FixCentral at:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.4&platform=All&function=all

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spectrum scaleeq1.1.1.0
ibm spectrum scaleeq1.1.7.3

CPE	Name	Operator	Version
	ibm spectrum scale	eq	1.1.1.0
	ibm spectrum scale	eq	1.1.7.3

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for 94740149BF6F0E09FE64342B9294E3BE708B2640CE112CA2C336C51C88B3BB18