CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Multiple vulnerabilities have been addressed in OpenSSL, which is used by IBM Systems Director (ISD) Platform Agent. These OpenSSL vulnerabilities were disclosed in January 2017 by the OpenSSL Project.
CVEID: CVE-2017-3731
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121312 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-3732
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121313 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
IBM Systems Director:
To determine the installed ISD level, enter `smcli lsver` on a command line. IBM Systems Director versions earlier than 6.3.5 are unsupported and will not be fixed. IBM recommends upgrading to a fixed, supported version of the product.
Follow the instructions provided to apply fixes to the releases below.
1. Open the link below to download the fix:
2. Select the fix package below, which includes fixes for all the supported platforms:
SysDir6_3_5_0_6_3_6_0_6_3_7_0_IT20035_IT20036_IT20037_IT20038
3. Follow the instructions in the table for your desired platform.
Product | VRMF | Associated Technote |
---|---|---|
IBM Systems Director and IBM Systems Director Platform Agent | Xlinux Platform Agent 6.3.5 to 6.3.7 | 812945449 |
IBM Systems Director and IBM Systems Director Platform Agent | Windows Platform Agent 6.3.5 to 6.3.7 | 812942115 |
IBM Systems Director and IBM Systems Director Platform Agent | Power Linux Platform Agent 6.3.5 to 6.3.7 | 812924559 |
IBM Systems Director and IBM Systems Director Platform Agent | Zlinux Platform Agent 6.3.5 to 6.3.7 | 812977661 |
IBM Systems Director and IBM Systems Director Platform Agent | AIX Platform Agent 6.3.5 to 6.3.7 | 812925254 |

For each platform, go to <http://www-01.ibm.com/support/us/search/> and search for the technote number.
None
CPE
Name | Operator | Version |
---|---|---|
ibm systems director | eq | any |