Brocade Network Advisor is used by IBM PureApplication System. IBM PureApplication System has addressed the applicable CVEs.
CVEID: CVE-2016-8204 DESCRIPTION: Brocade Network Advisor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to FileReceiveServlet containing directory traversal sequences to upload and execute arbitrary files on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120392 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-8207 DESCRIPTION: Brocade Network Advisor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to CliMonitorReportServlet containing directory traversal sequences to read arbitrary files on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120395 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2016-8205 DESCRIPTION: Brocade Network Advisor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to DashboardFileReceiveServlet containing directory traversal sequences to upload and execute arbitrary files on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120393 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-8206 DESCRIPTION: Brocade Network Advisor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to SoftwareImageUpload containing directory traversal sequences to write to and delete arbitrary files from the system.
CVSS Base Score: 9.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120394 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
IBM PureApplication System V2.1
The PureSystems Manager on IBM PureApplication System is affected. The solution is to upgrade the IBM PureApplication System to the following fix level:
IBM PureApplication System V2.1:
Upgrade to IBM PureApplication System V2.1.2 or later.
None