
IBM products Vulnerabilities
Cyber Security Notification: New Vulnerabilities of September 2014
#1 Multiple vulnerabilities in IBM products
Danger: Low
Fix available: Yes
Number of vulnerabilities: 3
CVSSv2 Rating: (AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) = Base: 4.3 / Temporal: 3.2
(AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) = Base: 5 / Temporal: 3.7
(AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2013-4286, CVE-2014-0075, CVE-2014-0099
Exploitation vector: Local Network
Impact: Denial of service, Unauthorized modification of data, Security bypass, Spoofing attacks
• Affected products: IBM Flex System V7000 7.x, IBM Storwize (V3500 7.x, V3700 7.x, V5000 7.x, V7000 7.x), IBM System Storage SAN Volume Controller 7.x
• Affected versions: IBM Flex System V7000 7.x, IBM Storwize (V3500 7.x, V3700 7.x, V5000 7.x, V7000 7.x), IBM System Storage SAN Volume Controller 7.x
Description:
The vulnerabilities allow malicious people to bypass certain security restrictions, manipulate sensitive data, and conduct denial of service and spoofing attacks.
The vulnerabilities are due to the presence of a vulnerable version of Apache Tomcat.
Solution: Install the latest version, 7.2.0.8 or 7.3.0.5, from the manufacturer’s website.
Manufacturer URL: http://www.ibm.com/systems/hk/storage/disk/storwize_v3700/index.html
Link: http://www.ibm.com/support/docview.wss?uid=ssg1S1004867
#2 Multiple vulnerabilities in IBM Rational License Key Server
Danger: Low
Fix available: Yes
Number of vulnerabilities: 2
CVSSv2 Rating: (AV:A/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:ND) = Base: 3.3 / Temporal: 0
(AV:A/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:ND) = Base: 4.8 / Temporal: 0
CVE ID: CVE-2014-3079, CVE-2014-4756
Exploitation vector: Local Network
Impact: Disclosure of sensitive data, Unauthorized modification of data, Security Bypass
• Affected products: IBM Rational License Key Server 8.x
• Affected versions: IBM Rational License Key Server (8.1.4, 8.1.4.2, 8.1.4.3)
Description:
The vulnerabilities allow malicious people to bypass certain security restrictions, manipulate data, and gain access to important data.
1. The ‘Administration and Reporting Tool’ does not properly restrict access to the license usage information. A remote user can gain access to confidential data.
2. An unspecified error in the ‘Administration and Reporting Tool’ can be exploited to disclose and manipulate cookies. Details were not disclosed.
Solution: Install the latest version 8.1.4.4 from the manufacturer.
Links:
http://www.ibm.com/support/docview.wss?uid=swg21681449
http://www.ibm.com/support/docview.wss?uid=swg24038045