CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
70.7%
There is a vulnerability in Network Security Services (NSS) to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker could exploit this vulnerability to forge signatures.
CVEID: CVE-2015-2730 DESCRIPTION: Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to properly handle certain exceptional cases by the Elliptical Curve Cryptography (ECC) multiplication for Elliptic Curve Digital Signature Algorithm (ECDSA) signature validation in Network Security Services (NSS). By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to forge signatures.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104386 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
FlashSystem 840 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE1 and 9843-AE1.
FlashSystem 900 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE2 and 9843-AE2.
MTMs
| VRMF| APAR| Remediation/First Fix
—|—|—|—
FlashSystem****840 MTM:
9840-AE1 &
9843-AE1
FlashSystem 900 MTMs:
9840-AE2 &
9843-AE2| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream:
_Fixed code VRMF .
1.4 stream: 1.4.0.10 (or later)
1.3 stream: 1.3.0.5 (or later)
1.2 stream: 1.2.1.9 (or later)| _ _N/A| No workarounds or mitigations, other than applying this code fix, are known for this vulnerability
** **FlashSystem 840 fixes****and FlashSystem 900 fixes****are available @ IBM’s Fix Central
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | flashsystem_900 | any | cpe:2.3:h:ibm:flashsystem_900:any:*:*:*:*:*:*:* |