6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
Openstack Neutron is vulnerable to a denial of service, caused by improper validation of user-supplied input. By using specially-crafted content, a remote authenticated attacker could exploit this vulnerability to cause the application to crash.
CVEID: CVE-2018-14635 Description: When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool.
CVSS Base Score: 6.5 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/150091 for the current score. *CVSS Environmental Score:**Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Product | Affected Version |
---|---|
IBM PowerVC Standard | 1.3.3 |
IBM PowerVC Standard | 1.4.0 |
IBM PowerVC Standard | 1.4.1 |
IBM Cloud PowerVC Manager | 1.3.3 |
IBM Cloud PowerVC Manager | 1.4.0 |
IBM Cloud PowerVC Manager | 1.4.1 |
Product | VRMF | APAR | Remediation / First Fix |
---|
IBM PowerVC Standard and
IBM Cloud PowerVC Manager
IBM PowerVC Standard and
IBM Cloud PowerVC Manager
| 1.4.0 | IT27706 |
IBM PowerVC Standard and
IBM Cloud PowerVC Manager
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud powervc manager | eq | 1.3.3 | |
ibm cloud powervc manager | eq | 1.4.0 | |
ibm cloud powervc manager | eq | 1.4.1 |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P