Medium Severity

IBM Security Bulletin: PowerVC is impacted by an OpenStack Neutron vulnerability related to security group rules (CVE-2019-10876)

Share this post:

OpenStack Neutron is vulnerable to a denial of service, caused by a flaw in the neutron-openvswitch-agent. By creating two security groups with separate/overlapping port ranges, a remote authenticated attacker could exploit this vulnerability to prevent Neutron from being able to configure networks on any compute nodes.

CVE(s): CVE-2019-10876

Affected product(s) and affected version(s):

Affected Product Affected Version
IBM PowerVC Standard 1.4.1
IBM PowerVC Standard 1.4.2
IBM Cloud PowerVC Manager 1.4.1
IBM Cloud PowerVC Manager 1.4.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/1074813
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159259

More stories

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2019-4304)

Mar 25, 2020 8:00 pm EDT | Medium Severity

IBM WebSphere Application Server Liberty is shipped as a component of IBM Tivoli Netcool Impact. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. ...read more


Security Bulletin: Security vulnerability is identified in Apache POI server where Rational Asset Manager is deployed (CVE-2019-12415)

Mar 24, 2020 8:01 pm EDT | Medium Severity

The Apache POI that is bundled along with Rational Asset Manager has a potential security vulnerability, which could be exploited by a remote attacker to obtain sensitive information. Respective security vulnerabilities are discussed in detail in the subsequent sections. ...read more


Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2019-4441)

Mar 24, 2020 8:00 pm EDT | Medium Severity

IBM WebSphere Application Server is shipped as a component of IBM Tivoli Netcool Impact. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. ...read more