A security vulnerability has been identified in all levels of IBM Elastic Storage Server that could allow an attacker to cause a denial of service. A fix for this vulnerability is available.
CVEID:CVE-2020-5015
**DESCRIPTION:**IBM Elastic Storage System could allow a remote attacker to cause a denial of service by sending malformed UDP requests.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193486 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Elastic Storage Server | 5.3.0 - 5.3.6.2 |
For IBM Elastic Storage Server V5.3.0 thru 5.3.6.2, apply V5.3.7 available from FixCentral at:
And then enable security on these system using the security tool provided in these release by running below steps :
- To enable security, from the container, run the command:
_ # ./gss_security -e_
where <node_name> is the node on which security needs to be enabled.
- You can verify it has been enabled by running the command,
None