CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
92.4%
Vulnerabilities have been found in Samba shipped with IBM OS Image for Red Hat Enterprise Linux System
CVEID:CVE-2022-32742
**DESCRIPTION:**Samba could allow a remote authenticated attacker to obtain sensitive information, caused by a memory leak when handling SMB1 requests. By sending a specially-crafted request to write data to a file share, an attacker could exploit this vulnerability to obtain memory information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232306 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM OS Image for Red Hat Linux Systems | 3.0 |
This is an SMB1-only vulnerability. if you are using SMB1, to apply mitigation fix, please refer to the mitigation section below.
This is an SMB1-only vulnerability. Since Samba release 4.11.0, SMB1 has been disabled by default. We do not recommend enabling SMB1 server support. For Samba versions prior to 4.11.0, make sure to disable SMB1 .
In order to disable SMB1 add the following
server min protocol = SMB2_02
to the [global] section of your smb.conf and restarting smbd.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cloud_pak_system | 2.3 | cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
92.4%