IBM SONAS is shipped with Samba, for which a fix is available for security vulnerabilities.
Samba is used in IBM SONAS to enable file management and authentication services for Microsoft Windows environments.
CVEID: CVE-2017-7494**
DESCRIPTION:** Samba could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper access to named pipe endpoints. By uploading a specially-crafted shared library to a writeable share, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126417 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
IBM SONAS
The product is affected when running a code releases 1.5.0.0 to 1.5.2.6
A fix for this issue is in version 1.5.2.7 of IBM SONAS. Customers running an affected version of SONAS should upgrade to 1.5.2.7 or a later version, so that the fix gets applied.
Please contact IBM support for assistance in upgrading your system.
Workaround : No
Mitigation : No