IBM SmartCloud Provisioning and SmartCloud Provisioning for Software Virtual Appliaance ships with nginx. A denial of service vulnerability has been identified in nginx (CVE-2016-4450).
CVE-ID: CVE-2016-4450****
Description: nginx is vulnerable to a denial of service, caused by a NULL pointer dereference error in ngx_chain_to_iovec(). By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the worker process to crash.
CVSS Base Score: 5.300
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/113746 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
All releases of IBM SmartCloud Provisioning 2.1 and IBM SmartCloud Provisioning V2.1 for IBM Software Virtual Appliance.
None
If you are running any release of IBM SmartCloud Provisioning contact IBM support.
Please note that product software support discontinuance is approaching as per IBM Withdrawal Announcement 916-016.