CVE-2020-5015 — IBM Elastic Storage Server vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.2%

top 21.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Elastic Storage Server IBM Elastic Storage System

Timeline

PublishedMar 24

Latest updateMay 24

Description

IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Storage Server 5.3.0 through 5.3.6.2 could allow a remote attacker to cause a denial of service by sending malformed UDP requests. IBM X-Force ID: 193486.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDibm/elastic_storage_server5.3.0 — 5.3.6.2

▶NVDibm/elastic_storage_system6.0.0 — 6.0.1.2

▶CVEListV5ibm/elastic_storage_server4 versions+3

🔴Vulnerability Details

GHSA

GHSA-8fxc-q593-x6h3: IBM Elastic Storage System 6↗2022-05-24

▶

CVEList

CVE-2020-5015: IBM Elastic Storage System 6↗2021-03-24

▶