5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
0.001 Low
EPSS
Percentile
47.3%
Vulnerability found in IBM SAN Volume Controller, IBM Storwize, and IBM FlashSystem shipped with Cloud Pak System. Cloud Pak System has addressed this vulnerability.
CVEID:CVE-2021-29873
**DESCRIPTION:**IBM Flash System V9000 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/206229 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak System | 2.3.0.1-2.3.3.4 |
SVC | Firmware |
Flash | Firmware |
v7000 | Firmware |
fs7200 | Firmware |
For unsupported release/version/platform IBM recommends to upgrade to supported fixed release of the product.
Recommended Firmware updates are listed in the table below. Firmware has been updated with IBM Cloud Pak System v2.3.3.5.
Product (s) | Fix Version(s) / Firmware |
---|---|
IBM Cloud Pak System | v2.3.3.5 |
SVC | 8.3.1.6 |
Flash | 1.6.1.4 |
v7000 | 7.8.1.15 supporting 2076-524, 2076-624 |
fs7200 | 8.5.0.3 supporting 2076-824 |
For IBM Cloud Pak System v2.3.0.1, v2.3.1.1, v2.3.2.0, v2.3.3.0, v.2.3.3.1, v.2.3.3.2, v.2.3.3.3, v2.3.3.3 Interim Fix 1, v2.3.3.4
upgrade to IBM Cloud Pak System v2.3.3.5 at Fix Central
Information on upgrading : <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak system software | eq | 2.3 |
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
0.001 Low
EPSS
Percentile
47.3%