9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
A security vulnerability has been identified in Go shipped with IBM Cloud Schematics (CVE-2017-15041, CVE-2017-15042)
Title****
Security Bulletin: A security vulnerability has been identified in Go shipped with IBM Cloud Schematics (CVE-2017-15041, CVE-2017-15042)
Summary
Go is shipped as a component of IBM Cloud Schematics. Information about a security vulnerability affecting Go** **has been published in a security bulletin.
Vulnerability Details
Please consult the security bulletin <https://nvd.nist.gov/vuln/detail/CVE-2017-15041> and <https://nvd.nist.gov/vuln/detail/CVE-2017-15042> for vulnerability details and information about fixes.
Affected Products and Versions
Principal Product and Version(s) | Affected Supporting Product and Version |
---|---|
IBM Cloud Schematics |
SaaS
| Go
1.7+
Remediation/Fixes
Refer to the following security bulletins for vulnerability details and information about fixes addressed by Go which is/are shipped with IBM Cloud Schematics.
<https://nvd.nist.gov/vuln/detail/CVE-2017-15041>
<https://nvd.nist.gov/vuln/detail/CVE-2017-15042>
IBM Cloud Schematics was upgraded to Go 1.9.1 by November, 10th 2017
Migration/Workarounds
- no migration required
- no workarounds available
Related Information (DCF will auto include the first 2 links below)
_IBM Secure Engineering Web Portal __
_IBM Product Security Incident Response Blog
Change History
IBM Cloud Schematics
Monitor the security notifications on the IBM Cloud Status page to be advised of future security bulletins.
Complete CVSS v2 Guide
On-line Calculator v2
Off
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
[{“Product”:{“code”:“SSF467”,“label”:“IBM Cloud Schematics”},“Business Unit”:{“code”:“BU053”,“label”:“Cloud & Data Platform”},“Component”:“–”,“Platform”:[{“code”:“PF025”,“label”:“Platform Independent”}],“Version”:“Version Independent”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}}]
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud schematics | eq | any |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P