CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 95.1%
NSS & NSPR vulnerabilities affect the IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 products. These vulnerabilities could allow a remote attacker to execute arbitrary code on the system, obtain sensitive information, or cause a denial of service.
1. CVE-ID: CVE-2013-1740
DESCRIPTION: Mozilla Network Security Services could allow a remote attacker to obtain sensitive information, caused by an error in the ssl_Do1stHandshake() function. An attacker could exploit this vulnerability to return unencrypted, unauthenticated data from PR_Recv.
Affected Versions: Mozilla Network Security Services (NSS) before 3.15.4
CVSS Base Score: 5.8 / 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90394 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
--------------------------------------------------------------
2. CVE-ID: CVE-2014-1490
DESCRIPTION: Mozilla Firefox, Thunderbird and SeaMonkey, using the Mozilla Network Security Services (NSS) library, could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in libssl's session ticket processing. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.
Affected Versions: Mozilla Network Security Services (NSS) before 3.15.4
CVSS Base Score: 5 / 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90885 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
--------------------------------------------------------------
3. CVE-ID: CVE-2014-1491
DESCRIPTION: An unspecified error in Mozilla Firefox, Thunderbird and SeaMonkey using the Mozilla Network Security Services (NSS) library has an unknown impact and attack vector.
Affected Versions: Mozilla Network Security Services (NSS) before 3.15.4
CVSS Base Score: 5 / 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90886 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
--------------------------------------------------------------
4. CVE-ID: CVE-2014-1492
DESCRIPTION: An unspecified error in Mozilla Network Security Services (NSS) related to the processing of wildcard characters embedded within the U-label of an internationalized domain name in a wildcard certificate has an unknown impact and remote attack vector.
CVSS Base Score: 4.3 / 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/91988 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
--------------------------------------------------------------
5. CVE-ID: CVE-2014-1544
DESCRIPTION: Mozilla Firefox and Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the PK11_ImportCert() function when adding NSSCertificate structures. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Affected Versions: NSS 3.x used in Firefox before 31.0, and Firefox ESR 24.x before 24.7
CVSS Base Score: 10.0 / 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/94775 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
--------------------------------------------------------------
6. CVE-ID: CVE-2014-1545
DESCRIPTION: Mozilla Netscape Portable Runtime (NSPR) could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error in the sprintf and console functions. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Affected Versions: Mozilla Netscape Portable Runtime (NSPR) before 4.10.6
CVSS Base Score: 10.0 / 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/93715 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
IBM FlashSystem 710 & 810, Machine Type 9830, models -AS1 & -AE1
· all supported releases before 5.6.2
TMS RAMSAN 710 & 810, Machine Type 9833, models -AS1 & -AE1
· all supported releases before 5.6.2
IBM FlashSystem 720 & 820, Machine Type 9831, models -AS2 & -AE2
· all supported releases before 6.3.2
TMS RAMSAN 710 & 810, Machine Type 9834, models -AS1 & -AE1
· all supported releases before 6.3.2
IBM recommends that you fix this vulnerability by promptly upgrading affected versions of IBM FlashSystem systems to the following code level or higher:
for 710 and 810, machine type 9830, models -AS1 & -AE1: 5.6.2
for 720 and 820, machine type 9831, models -AS2 & -AE2: 6.3.2
IBM recommends that you fix this vulnerability by promptly upgrading affected versions of TMS RAMSAN systems to the following code level or higher:
for 710 and 810, machine type 9833, models -AS1 & -AE1: 5.6.2
for 720 and 820, machine type 9834, models -AS2 & -AE2: 6.3.2
In addition, IBM recommends that you review your entire environment to identify vulnerable releases of NSS & NSPR in other products and versions (e.g. non-IBM products), including in your operating systems, and take appropriate mitigation and remediation actions. Please contact your operating system provider for more information.
None known
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | flashsystem_900 | any | cpe:2.3:h:ibm:flashsystem_900:any:*:*:*:*:*:*:* |
ibm | tms_ramsan-710_\(9833-as1\) | any | cpe:2.3:a:ibm:tms_ramsan-710_\(9833-as1\):any:*:*:*:*:*:*:* |
ibm | tms_ramsan-720_\(9834-as2\) | any | cpe:2.3:a:ibm:tms_ramsan-720_\(9834-as2\):any:*:*:*:*:*:*:* |
ibm | tms_ramsan-810_\(9833-ae1\) | any | cpe:2.3:a:ibm:tms_ramsan-810_\(9833-ae1\):any:*:*:*:*:*:*:* |
ibm | tms_ramsan-820_\(9834-ae2\) | any | cpe:2.3:a:ibm:tms_ramsan-820_\(9834-ae2\):any:*:*:*:*:*:*:* |