7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.3 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
The Python cryptography package which provides both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions, is used by IBM Ansible plug-in. This library is vulnerable to CVE-2024-26130.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
Red Hat Certified Ansible Collection for IBM Storage Virtualize | all versions < 2.3.1 |
Update Python to version >= 3.9
Update ibm.storage_virtualize to version >= 2.3.1
Verify that cryptography >= 42.0.5 is installed. It will be installed along with ibm.storage_virtualize level listed above.
Ansible collection ibm.storage_virtualize : <https://github.com/ansible-collections/ibm.storage_virtualize>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm support for ansible | eq | 2.3.1 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.3 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%