As of today, a security fix has been released for SmartCloud Provisioning 2.1 (SCP2.1) on IBM FixCentral, in the form of an Interim Fix (ifix).
The ifix requires SCP 2.1 FixPack 3 to be applied.
Once this ifix is applied the product security will be hardened, since the following issue will be solved:
Any user, even with READ-ONLY access to everything, has the ability to start/stop/DELETE ANY virtual system using the following CLI command:
where INST is the array index of the system in question.
NOTE: This issue appears to only be in the CLI, not GUI.
The ifix can be downloaded from:
- IBM SmartCloud Provisioning
Then "browse for fixes" or look for APAR ZZ00134
The fix consists of the two files: