Summary

A security vulnerability has been identified in all levels of IBM Elastic Storage Server that could allow an attacker to cause a denial of service. A fix for this vulnerability is available.

Vulnerability Details

CVEID:CVE-2020-5015
**DESCRIPTION:**IBM Elastic Storage System could allow a remote attacker to cause a denial of service by sending malformed UDP requests.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193486 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Remediation/Fixes

For IBM Elastic Storage Server V5.3.0 thru 5.3.6.2, apply V5.3.7 available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=All&platform=All&function=all

And then enable security on these system using the security tool provided in these release by running below steps :

- To enable security, from the container, run the command:

_ # ./gss_security -e_

where <node_name> is the node on which security needs to be enabled.

- You can verify it has been enabled by running the command,

./gss_security -c

Workarounds and Mitigations

None