Denial of Service Vulnerability in IBM Elastic Storage Products
CVE-2020-5015

7.5HIGH

Key Information:

Vendor
IBM
Status
Elastic Storage Server
Vendor
CVE Published:
24 March 2021

Summary

The IBM Elastic Storage System (versions 6.0.0 to 6.0.1.2) and IBM Elastic Storage Server (versions 5.3.0 to 5.3.6.2) are susceptible to a denial of service. This vulnerability arises when a remote attacker sends specially crafted UDP requests, which can cause the system to become unresponsive. Organizations using these products should implement measures to monitor their network traffic and apply security updates promptly to mitigate the risks associated with this issue.

Affected Version(s)

Elastic Storage Server 5.3.0

Elastic Storage Server 6.0.0

Elastic Storage Server 6.0.1.2

References

https://www.ibm.com/support/pages/node/6434155
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6434737
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/193486
vdb-entryx_refsource_XF

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.