Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM58E66AC45C021727D779F3654F013DD203E99A0AA704F18EF45512AFD58D339A
HistoryAug 08, 2018 - 4:13 a.m.

Security Bulletin: OpenStack Nova vulnerabilities affect IBM Cloud Manager with OpenStack (CVE-2016-2140)

2018-08-0804:13:55
www.ibm.com
4

0.001 Low

EPSS

Percentile

50.1%

JSON

Summary

IBM Cloud Manager with Openstack is vulnerable to a OpenStack Nova vulnerablities. An attacker could exploit this vulnerability to obtain sensitive information by a host data leak in resize/migration.

Vulnerability Details

CVEID: CVE-2016-2140**
DESCRIPTION:** OpenStack Nova could allow a remote authenticated attacker to obtain sensitive information, caused by a host data leak in resize/migration. By overwriting a root disk with a malicious image, an attacker could exploit this vulnerability to read arbitrary files from the compute host and obtain sensitive information.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111366 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.6
IBM Cloud Manager with OpenStack 4.2.0 through 4.2.0.3
IBM Cloud Manager with OpenStack 4.1.0 through 4.1.0.5

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM Cloud Manager with OpenStack| 4.3.0| None| IBM Cloud Manager with Openstack 4.3 interim fix 3 for fix pack 6:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.3.0.6&platform=All&function=fixId&fixids=+4.3.0.6-IBM-CMWO-IF003+&includeSupersedes=0
IBM Cloud Manager with OpenStack| 4.2.0| None| IBM Cloud Manager with Openstack 4.2 interim fix 8 for fix pack 3:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.2.0.3&platform=All&function=fixId&fixids=+4.2.0.3-IBM-CMWO-IF008+&includeSupersedes=0
IBM Cloud Manager with OpenStack| 4.1.0| None| IBM Cloud Manager with Openstack 4.1 interim fix 4 for fix pack 5:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.1.0.5&platform=All&function=fixId&fixids=+4.1.0.5-IBM-CMWO-IF004+&includeSupersedes=0

Workarounds and Mitigations

None

Related

redhat 4
cvelist 1
debiancve 1
prion 1
cve 1
nvd 1
veracode 1
github 1
ubuntucve 1
nessus 1
ubuntu 1
openvas 1
redhat
redhat
(RHSA-2016:0365) Important: openstack-nova security update
2016-03-08 00:00:00
(RHSA-2016:0364) Important: openstack-nova security update
2016-03-08 00:00:00
(RHSA-2016:0363) Important: openstack-nova security update
2016-03-08 00:00:00
cvelist
cvelist
CVE-2016-2140
2016-04-12 14:00:00
debiancve
debiancve
CVE-2016-2140
2016-04-12 14:59:10
prion
prion
Code injection
2016-04-12 14:59:00
cve
cve
CVE-2016-2140
2016-04-12 14:59:10
nvd
nvd
CVE-2016-2140
2016-04-12 14:59:10
veracode
veracode
Arbitrary File Read
2019-01-15 09:10:19
github
github
OpenStack Nova host data access through resize/migration
2022-05-14 01:58:44
ubuntucve
ubuntucve
CVE-2016-2140
2016-04-12 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : OpenStack Nova vulnerabilities (USN-3449-1)
2017-10-12 00:00:00
ubuntu
ubuntu
OpenStack Nova vulnerabilities
2017-10-11 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3449-1)
2017-10-12 00:00:00

0.001 Low

EPSS

Percentile

50.1%

JSON
Related for 58E66AC45C021727D779F3654F013DD203E99A0AA704F18EF45512AFD58D339A
redhat4cvelist1debiancve1prion1cve1nvd1veracode1github1ubuntucve1nessus1ubuntu1openvas1