IBM5232BDDA63DCAFC943FA9442C9BC46836BB2640281F6C5FE921A367628AD6216Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in NSS (CVE-2017-7805)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
IBM Security Access Manager Appliance has addressed the following vulnerability.
Vulnerability Details
CVEID: CVE-2017-7805**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in TLS 1.2 generating handshake hashes. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132749 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Products and Versions
Affected IBM Security Access Manager Appliance
|
Affected Versions
—|—
IBM Security Access Manager for Web | 7.0-7.0.0.32
IBM Security Access Manager for Web| 8.0-8.0.1.7
IBM Security Access Manager for Mobile| 8.0-8.0.1.7
IBM Security Access Manager| 9.0.3.0 - 9.0.4.0 IF1
Remediation/Fixes
Product
|
VRMF
|
APAR
|
Remediation
—|—|—|—
IBM Security Access Manager for Web | 7.0-7.0.0.32| IJ03465| Apply Interim Fix 34:
7.0.0-ISS-WGA-IF0034
IBM Security Access Manager for Web | 8.0-8.0.1.7| IJ03463| 1. For versions prior to 8.0.1.7, upgrade to 8.0.1.7: _
_8.0.1-ISS-WGA-FP0007
2. Apply 8.0.1.7 IF 1:
8.0.1.7-ISS-WGA-IF0001
IBM Security Access Manager for Mobile| 8.0-8.0.1.7| IJ03464| 1. For versions prior to 8.0.1.7, upgrade to 8.0.1.7:_ 8.0.1-ISS-ISAM-FP0007_
2. Apply 8.0.1.7 IF 1:
8.0.1.7-ISS-ISAM-IF0001
IBM Security Access Manager| 9.0.3.0 - 9.0.4.0 IF 1| IJ03463| 1. For versions prior to 9.0.4.0, upgrade to 9.0.4.0:
9.0.4-ISS-ISAM-FP0000
2. Apply 9.0.4.0 IF2:
9.0.4.0-ISS-ISAM-IF0002
Workarounds and Mitigations
None.
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P