6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
IBM SONAS is shipped with Samba, for which a fix is available for security vulnerability.
Samba is used in IBM SONAS to enable file management and authentication services for Microsoft Windows environments.
CVEID: CVE-2017-9461**
DESCRIPTION:** Samba is vulnerable to a denial of service, caused by improper handling of dangling symlinks in smbd. A remote attacker could exploit this vulnerability to cause a fd_open_atomic infinite loop with high CPU usage and memory consumption on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126916 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
IBM SONAS
The product is affected when running a code releases 1.5.0.0 to 1.5.2.7
A fix for this issue is in version 1.5.2.8 of IBM SONAS. Customers running an affected version of SONAS should upgrade to 1.5.2.8 or a later version, so that the fix gets applied.
Please contact IBM support for assistance in upgrading your system.
Mitigation(s): Ensure that all users who have access to the system are authenticated by another security system such as a firewall.
CPE | Name | Operator | Version |
---|---|---|---|
network attached storage (nas)->scale out network attached storage | eq | 1.5 |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C