Lucene search

K
ibmIBM9565FEEA0E13F1CACE459E1DD36D5E9CAB4712E2148193C52D850073C5948478
HistoryJun 18, 2018 - 12:07 a.m.

Security Bulletin: Storage HMC OpenSSL upgrade to address cryptographic vulnerabilities.

2018-06-1800:07:41
www.ibm.com
37
storage hmc
openssl
upgrade
cryptographic vulnerabilities
ds8870
release 7.0
release 7.1

EPSS

0.335

Percentile

97.2%

Summary

Storage HMC included in releases prior to R7.2 use OpenSSL versions that had errors in cryptographic libraries that could allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption).

Vulnerability Details

**CVE ID:**CVE-2012-2131 CVE-2012-2110 CVE-2012-0884 CVE-2012-0050 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2011-3207 CVE-2011-3210 CVE-2011-0014 CVE-2010-4252 CVE-2010-3864 CVE-2010-0742 CVE-2010-1633

DESCRIPTION: Storage HMC included in Release 7.2 includes a newer version of OpenSSL that resolves a number of key security exposures, and improves the entropy by mixing the time into the entropy pool .

CVE-2012-2131
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/75099 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2012-2110
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74926 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2012-0884
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/73916 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2012-0050
CVSS Base Score: 4.3CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/72458 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2011-4108
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/72128 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE-2011-4576
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/72130 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2011-4577
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/72131 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2011-4619
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/72132 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2011-3210
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/69614 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2011-0014
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/68221 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:P)

CVE-2010-3864
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/63293 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions

DS8870 Release 7.0 and 7.1

Remediation/Fixes

Upgrade to Release 7.2 after review of <http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004582&gt;

Workarounds and Mitigations

No workarounds or mitigations