7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Multiple Vulnerabilities in OpenSSL as reported by the OpenSSL project, and IBM PureApplication System supporting products affects IBM PureApplication System. IBM PureApplication System addressed the applicable CVEs.
CVEID: CVE-2017-3731
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121312 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
IBM PureApplication System V2.2
IBM PureApplication System V2.1
The PureSystems Manager on IBM PureApplication System is affected.
The solution is to upgrade the IBM PureApplication System to the following fix level:
IBM PureApplication System V2.2:
Upgrade to IBM PureApplication System V2.2.6
IBM PureApplication System V2.1:
IBM recommends upgrading to a fixed version of the product.
CVE | Remediation Fix / Security Bulletin |
---|---|
CVE-2017-3730 | IBM PureApplication Security Bulletin |
IBM System Storage Storwise V7000 Unified | |
CVE-2017-3731 |
IBM DataPower Gateways Security Bulletin
|
IBM Spectrum Scale Security Bulletin
CVE-2017-3732 | IBM HMC Security Bulletin
|
IBM Spectrum Scale Security Bulletin
CVE-2016-7055 |
IBM DataPower Gateways Security Bulletin
Notice IBM PureApplication System V2.2.6.0 updated to openSSL1.0.2r .
Upgrade the IBM PureApplication System to the following fix release:
Information on upgrading can be found here: <http://www-01.ibm.com/support/docview.wss?uid=swg27039159>
None
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P