Jun 18, 2018 - 1:29 a.m.

Security Bulletin: IBM Flex System Manager is affected by a vulnerability from FSM’s use of strongswan: (CVE-2015-4171)

2018-06-18 01:29:33
www.ibm.com
4

CVSS2: 2.6 Low
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N

Summary

There is a security vulnerability in strongSwan, which is used by IBM Flex System Manager (FSM).

Vulnerability Details

CVEID: CVE-2015-4171
DESCRIPTION: strongSwan could allow a remote authenticated attacker to obtain sensitive information, caused by an error in IKEv2 connections related to server authentication with a certificate and EAP or pre-shared keys. An attacker could exploit this vulnerability to obtain user credentials and other sensitive information.

CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103885 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Affected Products and Versions

Flex System Manager 1.1.x.x
Flex System Manager 1.2.0.x
Flex System Manager 1.2.1.x
Flex System Manager 1.3.0.x
Flex System Manager 1.3.1.x
Flex System Manager 1.3.2.x
Flex System Manager 1.3.3.x
Flex System Manager 1.3.4.x

Remediation/Fixes

Product| VRMF| APAR| Remediation
---|---|---|---
Flex System Manager| 1.3.4.x| IT11634| fsmfix1.3.4.0_IT11633_IT11634_IT11652
Flex System Manager| 1.3.3.x| IT11634| fsmfix1.3.3.0_IT11633_IT11634_IT11652
Flex System Manager| 1.3.2.x| IT11634| fsmfix1.3.2.0_IT11633_IT11634_IT11652
Flex System Manager| 1.3.1.x| IT11634| IBM is no longer providing code updates for this release. Upgrade to FSM 1.3.4.0 and follow the appropriate remediation for all vulnerabilities.
Flex System Manager| 1.3.0.x| IT11634| IBM is no longer providing code updates for this release. Upgrade to FSM 1.3.4.0 and follow the appropriate remediation for all vulnerabilities.
Flex System Manager| 1.2.1.x| IT11634| Effective September 30, 2015 IBM has discontinued service for these version/release/modification/fix levels.
Flex System Manager| 1.2.0.x| IT11634| Effective September 30, 2015 IBM has discontinued service for these version/release/modification/fix levels.
Flex System Manager| 1.1.x.x| IT11634| Effective April 30, 2015 IBM has discontinued service for these version/release/modification/fix levels.

Workarounds and Mitigations

None

CPE| Name| Operator| Version
---|---|---|---
| flex system manager node| eq| any
