IBM Security Bulletin: IBM Spectrum Scale Object Protocols functionality is affected by security vulnerabilities in OpenStack (CVE-2015-1852 and CVE-2015-7546)
IBM Spectrum Scale Object Protocols functionality is affected by security vulnerabilities in OpenStack that could allow:
- a man-in-the-middle attack, caused by an error in the api-paste.ini configuration file. A remote attacker could exploit this vulnerability using a specially crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic (CVE-2015-1852)
- a remote attacker to bypass security restrictions, caused by an error when using the PKI or PKIZ token providers. By manipulating the contents of a revoked token, an attacker can cause the revocation check to improperly consider the token valid, and could use the revoked token to gain unauthorized access to cloud resources (CVE-2015-7546)
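A toy model of the revocation-check weakness described for CVE-2015-7546, added here as an illustration and not taken from Keystone or IBM code: the revocation list is keyed on a hash of the token bytes as received, while signature verification canonicalizes the token first, so a byte-level change that canonicalization erases misses the revocation lookup yet still verifies. HMAC and whitespace stripping stand in for the real CMS signature and normalization; the key and token contents are constructed.

```python
import hashlib
import hmac

# Constructed demo key; it stands in for the signing certificate behind PKI/PKIZ tokens.
KEY = b"demo-signing-key-not-a-real-secret"


def canonicalize(token: str) -> str:
    """Normalization applied before signature checking (assumption: whitespace is ignored)."""
    return "".join(token.split())


def sign(payload: str) -> str:
    """Issue a token: the payload followed by an HMAC tag over its canonical form."""
    tag = hmac.new(KEY, canonicalize(payload).encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def signature_ok(token: str) -> bool:
    """Verify the tag over the canonical form, as the token verifier does."""
    body, _, tag = canonicalize(token).rpartition(".")
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)


def token_hash(token: str) -> str:
    """Key under which a token is recorded in the revocation list."""
    return hashlib.sha256(token.encode()).hexdigest()


def weak_validate(token: str, revoked: set) -> bool:
    """Flawed order: revocation is looked up on the raw bytes, signature on the canonical form."""
    if token_hash(token) in revoked:
        return False
    return signature_ok(token)


def hardened_validate(token: str, revoked: set) -> bool:
    """Canonicalize once, then check signature and revocation on that single form."""
    canon = canonicalize(token)
    if not signature_ok(canon):
        return False
    return token_hash(canon) not in revoked


def demo() -> dict:
    token = sign("user=alice;project=demo")          # constructed token
    revoked = {token_hash(token)}                     # issued tokens are already canonical
    tampered = token[:5] + " " + token[5:]            # same content, different bytes
    return {
        "weak_rejects_original": not weak_validate(token, revoked),
        "weak_accepts_tampered": weak_validate(tampered, revoked),
        "hardened_rejects_tampered": not hardened_validate(tampered, revoked),
    }
```

The fix pattern is the same whatever the token format: derive every identity-dependent check (signature, revocation, caching) from one canonical representation rather than from the bytes as they arrived.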
CVE(s): CVE-2015-1852, CVE-2015-7546
Affected product(s) and affected version(s):
IBM Spectrum Scale V4.2.1.0 through V4.2.2.0
IBM Spectrum Scale V4.2.0.0 through V4.2.0.4
IBM Spectrum Scale V4.1.1 through V4.1.1.14
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2sY8BHa
X-Force Database: http://ift.tt/2sopxtx
X-Force Database: http://ift.tt/2sXx0wp
The post IBM Security Bulletin: IBM Spectrum Scale Object Protocols functionality is affected by security vulnerabilities in OpenStack (CVE-2015-1852 and CVE-2015-7546) appeared first on IBM PSIRT Blog.
Source: IBM Product Security Incident Response Team, http://ift.tt/2sonplm