CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability in Gnu Transport Layer Security (GnuTLS) affects IBM SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance (CVE-2014-3466).
CVE ID: CVE-2014-3466
DESCRIPTION: The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server might use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS. The overflow causes the client application to crash or, possibly, to execute arbitrary code.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93542> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
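
The length validation this class of flaw calls for, as an added example (not GnuTLS or IBM code): a ServerHello session ID parser that checks the wire length byte against the 32-byte maximum TLS allows and against the bytes actually received before copying. The function names, struct and sample builder are hypothetical, and the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_MAX_SESSION_ID 32   /* TLS: opaque SessionID<0..32> */
#define SID_LEN_OFFSET (2 + 32) /* server_version(2) + random(32) */

struct session_id { uint8_t len; uint8_t data[TLS_MAX_SESSION_ID]; };

/* Parse the session ID out of a ServerHello body (handshake header removed).
 * Returns 0 on success, -1 if the message is malformed. */
int parse_session_id(const uint8_t *body, size_t body_len, struct session_id *out)
{
    if (!body || !out || body_len < SID_LEN_OFFSET + 1)
        return -1;                          /* length byte not present */
    uint8_t len = body[SID_LEN_OFFSET];
    if (len > TLS_MAX_SESSION_ID)
        return -1;                          /* would overrun out->data */
    if ((size_t)len > body_len - SID_LEN_OFFSET - 1)
        return -1;                          /* claims more bytes than received */
    memcpy(out->data, body + SID_LEN_OFFSET + 1, len);
    out->len = len;
    return 0;
}

/* Constructed sample: ServerHello body prefix whose length byte says `claimed`
 * while `present` session ID bytes follow. buf must hold 35 + present bytes. */
size_t build_sample(uint8_t *buf, uint8_t claimed, size_t present)
{
    memset(buf, 0, SID_LEN_OFFSET);
    buf[0] = 0x03; buf[1] = 0x03;           /* TLS 1.2 version bytes */
    buf[SID_LEN_OFFSET] = claimed;
    memset(buf + SID_LEN_OFFSET + 1, 0xAB, present);
    return SID_LEN_OFFSET + 1 + present;
}

int main(void)
{
    uint8_t buf[512];
    struct session_id sid;
    const struct { uint8_t claimed; size_t present; } cases[] =
        { {32, 32}, {200, 200}, {16, 4}, {0, 0} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t n = build_sample(buf, cases[i].claimed, cases[i].present);
        printf("claimed=%u present=%zu -> %d\n", (unsigned)cases[i].claimed,
               cases[i].present, parse_session_id(buf, n, &sid));
    }
    return 0;
}
```
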
IBM SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance
The recommended solution is to download the IBM SmartCloud Provisioning 2.1 Fix Pack 5 for IBM Provided Software Virtual Appliance 2.1.0-TIV-ISCP-FP0005-SVA from Fix Central and apply it as soon as practical.
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm service agility accelerator for cloud | eq | 2.1 |