IBM Support

Security Bulletin: IBM Cloud Manager with OpenStack is affected by an OpenStack Nova vulnerability

Created by Shyamala Rajagopalan on
Published URL:
https://www.ibm.com/support/pages/node/664901
664901

Security Bulletin


Summary

A security vulnerability has been identified in OpenStack Nova that is used by IBM Cloud Manager with OpenStack. This vulnerability only affects IBM Cloud Manager with OpenStack version that ships kilo version of OpenStack.
IBM Cloud Manager with OpenStack has addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-16239
DESCRIPTION:
OpenStack Nova could allow a remote authenticated attacker to bypass security restrictions. By rebuilding an instance, an attacker could exploit this vulnerability to achieve Filter Scheduler bypass.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135002 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product Name

Affected Versions
IBM Cloud Manager with OpenStack4.3

Workarounds and Mitigations

Product

VRMF
Remediation / First Fix
IBM Cloud Manager with OpenStack4.3Upgrade to 4.3 FP 10:
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.3.0.10-IBM-CMWO-FP10&source=SAR

Get Notified about Future Security Bulletins

References

Off

Change History

23 April 2018: Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SST55W","label":"IBM Cloud Manager with OpenStack"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"}],"Version":"4.3.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
07 August 2018

UID

isg3T1027527