History: Jun 18, 2018 - 12:10 a.m.

Security Bulletin: IBM Virtualization Engine TS7700 Is Affected by IBM GPFS Security Vulnerabilities (CVE-2015-4974 CVE-2015-4981)

2018-06-18 00:10:37
www.ibm.com

EPSS: 0 (percentile: 5.1%)

Summary

Security vulnerabilities have been identified in the current levels of IBM GPFS as used by the TS7700:
- could allow a local non-privileged attacker to execute commands with root privileges (CVE-2015-4974)
- could allow a local non-privileged attacker to read system memory contents (CVE-2015-4981)

Vulnerability Details

CVEID: CVE-2015-4974
DESCRIPTION: IBM General Parallel File System could allow a local non-privileged attacker to execute commands with root privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105789 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4981
DESCRIPTION: IBM General Parallel File System could allow a local non-privileged attacker to read system memory contents.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105831 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

All versions of microcode for the IBM Virtualization Engine TS7700 (3957-V06, 3957-V07, 3957-VEA, 3957-VEB) in releases R3.0 and R3.1 are affected. In addition, microcode versions of releases R3.2 and R3.3 prior to and including the following are also affected:

| Release | Version |
|---|---|
| R3.3 | 8.33.0.45 |
| R3.2 | 8.32.2.1 |

Remediation/Fixes

Contact IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode level followed by the installation of vtd_exec.229. Minimum microcode levels are shown below:

| Release | Fix |
|---|---|
| R3.3 | Upgrade to 8.33.0.45 or later + vtd_exec.229 |
| R3.2 | Upgrade to 8.32.2.1 or 8.32.1.8 or later + vtd_exec.229 |
| R3.0 or R3.1 | Upgrade to 8.32.2.1 or later + vtd_exec.229 |

Please note that vtd_exec packages carry their own internal version numbers. For the vulnerabilities reported in this Security Bulletin, the minimum required vtd_exec version is as follows:

| Package | Version |
|---|---|
| vtd_exec.229 | 2.0 |

Workarounds and Mitigations

Although IBM recommends that you upgrade to the fixes identified above, you can mitigate, but not eliminate, the risk of these vulnerabilities by restricting physical and network access to the TS7700 to authorized users and IBM Service Personnel only.
