May 20, 2020 - 12:58 p.m.

Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2019-10218)

2020-05-20 12:58:04
www.ibm.com

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS2: 4.3 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Summary

IBM Storwize V7000 Unified is shipped with Samba, for which a fix is available for a security vulnerability.

Vulnerability Details

**CVEID:** CVE-2019-10218
**DESCRIPTION:** Samba could allow a remote attacker to traverse directories on the system, caused by improper validation of input when processing directory traversal sequences in filenames within Samba client code (libsmbclient). An attacker could exploit this vulnerability to create local files outside the current working directory.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/170503 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Storwize V7000 Unified | 1.6.0.0 - 1.6.2.7 |

Remediation/Fixes

A fix for this issue is available in version 1.6.2.8 of IBM Storwize V7000 Unified. Customers running an affected version of V7000 Unified should upgrade to 1.6.2.8 or a later version to apply the fix.

Latest Storwize V7000 Unified Software

Workarounds and Mitigations

None

| CPE Name | Operator | Version |
| --- | --- | --- |
| ibm storwize v7000 unified (2073) | eq | 1.6 |
