A security vulnerability has been identified in all levels of IBM Elastic Storage System that could allow an attacker to cause a denial of service. A fix for this vulnerability is available.
CVEID:CVE-2020-5015
**DESCRIPTION:**IBM Elastic Storage System could allow a remote attacker to cause a denial of service by sending malformed UDP requests.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193486 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Elastic Storage System | 6.0.0 - 6.0.1.2 |
IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000 and 5000 to the following code levels or higher:
V6.1.0.0 or V6.0.2.0 or later.
And then enable security on these system using the security tool provided in these release by running below steps :
- To enable security, from the container, run the command:
where <node_name> is the node on which security needs to be enabled.
- One can verify it has been enabled by running the command,
None