Security Bulletin
Summary
IBM SmartCloud Entry is vulnerable to a Nova vulnerability that allows a remote authenticated attacker to cause a denial of service.
IBM SmartCloud Entry is vulnerable to a Neutron vulnerability that allows an attacker to bypass firewall rules and gain access to applications.
Vulnerability Details
CVEID: CVE-2015-5240
DESCRIPTION: OpenStack Neutron could allow a remote authenticated attacker to bypass security restrictions, caused by an error when the device owner of an instance's port is modified immediately following port creation. An attacker could exploit this vulnerability using the port update to bypass firewall rules and gain access to the application.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106231 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2015-3280
DESCRIPTION: OpenStack Nova is vulnerable to a denial of service, caused by an error when an image is deleted while in resize state. A remote authenticated attacker could exploit this vulnerability using the original image from the compute node to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106083 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
IBM SmartCloud Entry 3.2 through Appliance fix pack 18
IBM SmartCloud Entry 3.1 through Appliance fix pack 18
Remediation/Fixes
| Product | VRMF | APAR | Remediation/First Fix |
| --- | --- | --- | --- |
| IBM SmartCloud Entry | 3.2 | None | IBM SmartCloud Entry 3.2 Appliance fix pack 19: http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%3FOther%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=3.2.0.4&platform=All&function=fixId&fixids=3.2.0.4-IBM-SCE_APPL-FP19&includeSupersedes=0 |
| IBM SmartCloud Entry | 3.1 | None | IBM SmartCloud Entry 3.1 Appliance fix pack 19: http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%3FOther%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=3.1.0.4&platform=All&function=fixId&fixids=3.1.0.4-IBM-SCE_APPL-FP19&includeSupersedes=0 |
Workarounds and Mitigations
None
References
Change History
21 March 2016: Original version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Information
Modified date: 18 July 2020
UID: isg3T1023494