IBM Storwize V7000 Unified is shipped with Samba, for which a fix is available for security vulnerability.
CVEID: CVE-2019-3880 DESCRIPTION: Samba could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted “winreg_SaveKey” request to create a new registry hive file outside a Samba share.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159188> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
IBM Storwize V7000 Unified
The product is affected when running code releases 1.6.0.0 to 1.6.2.5
A fix for this issue is in version 1.6.2.6 of IBM Storwize V7000 Unified. Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.6.2.6 or a later version.
Latest Storwize V7000 Unified Software
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm storwize v7000 unified (2073) | eq | 1.6 |