Lucene search

K
ibmIBMAECB9FD70A6404FA7005BB0B63AEA0C202F897DEC1684BD883D622BFC19210DD
HistoryFeb 18, 2023 - 1:45 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models, (CVE-2014-6593 and CVE-2015-0410)

2023-02-1801:45:50
www.ibm.com
12

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.698 Medium

EPSS

Percentile

98.0%

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.6.0 that is used by FlashSystem 840. These issues were disclosed as part of the IBM Java SDK updates in January 2015

Vulnerability Details

CVEID: CVE-2015-0410**
DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100151 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-6593**
DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100153 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

IBM FlashSystem 840:
Machine Type 9840, model -AE1 (all supported releases)
Machine Type 9843, model -AE1 (all supported releases)

IBM FlashSystem V840:
Machine Type 9846, model -AE1 (all supported releases)
Machine Type 9848, model -AE1 (all supported releases)

Code level 1.1.3.6 and earlier are affected.

Remediation/Fixes

You should verify applying this fix does not cause any compatibility issues.

<Product VRMF APAR Remediation/First Fix
840 MTMs:
9840-AE1 &
9843-AE1

V840 MTMs: 9846-AE1 &
9848-AE1| A code fix is now available, the VRMF of this code level is 1.1.3.7 (or later)| _ _N/A| No work arounds or mitigations, other than applying this code fix, are known for this vulnerability

Note:
V840 customers must upgrade the code of both the -AE1 and -ACx (whether -AC0 or -AC1) nodes to address this vulnerability. A customer reading this to fix one model type (e.g. –AE1) should look for the corresponding security bulletin which describes how to fix the other model type (e.g. perhaps –AC0) in the customer’s V840.

Link to FlashSystem 840 fixes

Link to FlashSystem V840 fixes

Workarounds and Mitigations

None

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.698 Medium

EPSS

Percentile

98.0%