CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Metric | Value |
---|---|
Percentile | 37.0% |

IBM Spectrum Fusion includes Ansible which could allow a local authenticated attacker to obtain sensitive information (CVE-2021-20180)
CVEID: CVE-2021-20180
**DESCRIPTION:** Ansible could allow a local authenticated attacker to obtain sensitive information, caused by disclosure of information in the console log when using the bitbucket_pipeline_variable. An attacker could exploit this vulnerability to steal bitbucket_pipeline credentials.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222527 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2021-3589
**DESCRIPTION:** Foreman Ansible could allow a remote authenticated attacker to bypass security restrictions, caused by an authorization flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to access hosts through job templates.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222525 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Fusion HCI | 2.1 |
IBM Spectrum Fusion’s version of Ansible has been updated to remediate this vulnerability:
Release | Link to Fix |
---|---|
IBM Spectrum Fusion HCI v2.3 | <https://www.ibm.com/support/pages/node/6611399> |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | storage_fusion_hci | 2.3 | cpe:2.3:a:ibm:storage_fusion_hci:2.3:*:*:*:*:*:*:* |