9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerabilities in Python, rpcbind, SQLite packages affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance.
CVEID: CVE-2014-4650**
DESCRIPTION:** Python CGIHTTPServer module could allow a remote attacker to obtain sensitive information, caused by the failure to properly handle URL-encoded path separators in URLs. An attacker could exploit this vulnerability to obtain the source code of CGI scripts.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93932 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-7185**
DESCRIPTION:** Python could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in bufferobject.c. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/96193 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2013-1752**
DESCRIPTION:** Python SSL module is vulnerable to denial of service, caused by an unlimited readline() function call. A remote attacker could exploit this vulnerability to exhaust all available memory resources.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90056 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2014-1912**
DESCRIPTION:** Python is vulnerable to a buffer overflow, caused by improper bounds checking by sock_recvfrom_into() function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90931 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2015-7236**
DESCRIPTION:** rpcbind is vulnerable to a denial of service, caused by a use-after-free in PMAP_CALLIT. By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause the daemon to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106714 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2015-3416 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by the failure to properly handle precision and width values during floating-point conversions by the sqlite3VXPrintf function in printf.c. A remote attacker could exploit this vulnerability using large integers in a crafted printf function call to cause a denial of service and possibly have other unspecified impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102594 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
All releases of IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance
Note that the product software support discontinuance is approaching as per IBM Withdrawal Announcement 916-016 and fixes will only be available on request.
If you are running any release of IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact IBM support.
None
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P