4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
Real time compression appliance affected by one Open SSL issue.
CVEID: CVE-2015-3216
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds memory read error in ssleay_rand_bytes() function. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103915 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Version
| Release|Remediation/First Fix
—|—|—
4.1.2| 4.1.2.14| 4.1.2.14
3.9.1| NA| NA
3.8.0| NA| NA
4.1.2.14 Fix is now available - 4.1.2.14
For 3.8 IBM recommends upgrading to a fixed, supported version/release/platform of the product.
For 3.9 IBM recommends upgrading to a fixed, supported version/release/platform of the product
None
CPE | Name | Operator | Version |
---|---|---|---|
network attached storage (nas)->real-time compression appliances stn6500, stn6800, stn7800 | eq | any |