Lucene search

K
ibmIBMBE9A67BD9BDD24F3FA830A98F5DC10D0C03A55261ED483855170AC3FF8B34B20
HistorySep 25, 2022 - 11:13 p.m.

Security Bulletin: IBM Smart Analytics System 7600, 7700, and 7710 are affected by vulnerabilities in OpenSSL (CVE-2013-0166, CVE-2013-0169)

2022-09-2523:13:40
www.ibm.com
9

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Abstract

A number of security vulnerabilities have been identified in the OpenSSL libraries that are part of the operating system software included with the vulnerable systems.

Content

VULNERABILITY DETAILS

CVE IDs:
**** CVE-2013-0166, CVE-2013-0169

DESCRIPTION:

The IBM Smart Analytics System 7600, IBM Smart Analytics System 7700, and IBM Smart Analytics System 7710 are shipped with the IBM AIX operating system. Two security vulnerabilities have been identified in the OpenSSL libraries that are part of the operating system software. See the references section for links to the description of each individual vulnerability.

CVE-2013-0166
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81904&gt; for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2013-0169****
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81902&gt; for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

AFFECTED PRODUCTS AND VERSIONS:

IBM Smart Analytics System 7600
IBM Smart Analytics System 7700
IBM Smart Analytics System 7710

REMEDIATION:

FIXES:

Find your product in the table below and use the link in the Download Link column to find the fix provided by IBM. Previously supported Balanced Warehouse environments not listed below require additional investigation to determine vulnerability and the appropriate remediation. Access to the patches on the IBM site is restricted and requires a valid IBM registration ID. Access to the fix packs on the IBM site requires both a valid IBM registration ID and the correct product entitlement in Passport Advantage.

For more information about IBM registration IDs, see: IBM Registration FAQ.

Product Operating System Patch/Fix Pack Version Download Link
IBM Smart Analytics System 7600

| AIX 6.1| OpenSSL patch
OpenSSH patch| OpenSSL: 0.9.8.2500
OpenSSH: 6.0.0.6101| Download the AIX fixes and install using the update instructions.
IBM Smart Analytics System 7700| AIX 6.1| IBM Smart Analytics System 7700 Fix Pack 2.1.1.0

Note: When you install this fix pack, you will update other components in addition to OpenSSL and OpenSSH.| OpenSSL: 0.9.8.2500
OpenSSH: 6.0.0.6101| Download 7700 Fix Pack 2.1.1.0 (2.1.2.0-IM-ISAS7700) and install using the fix pack installation instructions.
IBM Smart Analytics System 7710| AIX 6.1| IBM Smart Analytics System 7710 Fix Pack 2.1.1.0

Note: When you install this fix pack, you will update other components in addition to OpenSSL and OpenSSH.| OpenSSL: 0.9.8.2500
OpenSSH: 6.0.0.6101| Download 7710 Fix Pack 2.1.1.0 (2.1.2.0-IM-ISAS7710) and install using the fix pack installation instructions.

WORKAROUND(S):

None.

MITIGATION(S):

None.

REFERENCES:

RELATED INFORMATION:
_IBM Secure Engineering Web Portal __
_IBM Product Security Incident Response Blog

ACKNOWLEDGEMENT:

None.

CHANGE HISTORY:
31-May-2013:
- Original version published.

7-Jun-2013:
- Updated CVSS score and vector for CVE-2013-1069.
- Added 7700 and 7710 remediation details.

_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _

_Note: _According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

[{“Product”:{“code”:“SSKT3D”,“label”:“IBM Smart Analytics System”},“Business Unit”:{“code”:“BU050”,“label”:“BU NOT IDENTIFIED”},“Component”:“Not Applicable”,“Platform”:[{“code”:“PF002”,“label”:“AIX”}],“Version”:“9.5;9.7”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}},{“Product”:{“code”:“SSKT3D”,“label”:“IBM Smart Analytics System”},“Business Unit”:{“code”:“BU050”,“label”:“BU NOT IDENTIFIED”},“Component”:“IBM Smart Analytics System 7600”,“Platform”:[{“code”:“”,“label”:“”}],“Version”:“”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}},{“Product”:{“code”:“SSKT3D”,“label”:“IBM Smart Analytics System”},“Business Unit”:{“code”:“BU050”,“label”:“BU NOT IDENTIFIED”},“Component”:“IBM Smart Analytics System 7700”,“Platform”:[{“code”:“”,“label”:“”}],“Version”:“”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}},{“Product”:{“code”:“SSKT3D”,“label”:“IBM Smart Analytics System”},“Business Unit”:{“code”:“BU050”,“label”:“BU NOT IDENTIFIED”},“Component”:“IBM Smart Analytics System 7710”,“Platform”:[{“code”:“”,“label”:“”}],“Version”:“”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}}]

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P