5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
IBM SmartCloud Entry is vulnerable to a TLS vulnerability, which allows the attackers exploit this vulnerablility to obtain credentials.
CVEID: CVE-2015-7575**
DESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109415 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 17
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 17
IBM SmartCloud Entry
| 3.1| None| IBM SmartCloud Entry 3.1.0 Appliance fix pack 18:http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=3.1.0&platform=All&function=fixId&fixids=+3.1.0.4-IBM-SCE_APPL-FP18+&includeSupersedes=0
—|—|—|—
IBM SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2.0 Appliance fix pack 18:http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=+3.2.0.4-IBM-SCE_APPL-FP18+&includeSupersedes=0
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud manager with openstack | eq | 3.1 | |
ibm cloud manager with openstack | eq | 3.2 | |
ibm cloud manager with openstack | eq | any |
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N