OpenStack Nova could allow a remote authenticated attacker to bypass security restrictions. By rebuilding an instance, an attacker could exploit this vulnerability to achieve Filter Scheduler bypass.
CVE(s): CVE-2017-16239
Affected product(s) and affected version(s):
IBM PowerVC Standard Edition 1.3.2 through 1.3.2.1
IBM PowerVC Standard Edition 1.3.3 through 1.3.3.1
IBM PowerVC Standard Edition 1.4.0
IBM Cloud PowerVC Manager 1.3.2 through 1.3.2.1
IBM Cloud PowerVC Manager 1.3.3 through 1.3.3.1
IBM Cloud PowerVC Manager 1.4.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=nas8N1022490
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135002
The post IBM Security Bulletin: Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2p8WWEo
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.