5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
There is a vulnerability in Open Source OpenSSL version that is used by the IBM FlashSystem V9000. An exploit of this vulnerability could result in a denial of service.
CVEID: CVE-2015-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101666 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
FlashSystem V9000 including machine type and models (MTMs) for all available code levels. MTMs affected include 9846-AC2 and 9848-AC2.
You should verify that applying this fix does not cause any compatibility issues.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
V9000 MTMs: | |||
9846-AE2, | |||
9848-AE2, | |||
9846-AC2, | |||
9848-AC2 | A code fix is now available, the VRMF of this code level is 7.4.1.1 (or later) for both the storage enclosure nodes (-AEx) and the control nodes (-ACx) | _ _N/A | No workarounds or mitigations, other than applying this code fix, are known for this vulnerability |
7.4.1.1 is available @ IBM’s Fix Central**:**V9000 fixes, download 7.4.1.1 or later
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm flashsystem v9000 | eq | any |