Lucene search

K
ibmIBME59ACF3695AD2CD789F134AAEEB562DA1F3666F9F39B6C6075E68D3EB0B3D646
HistorySep 26, 2022 - 4:23 a.m.

Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities

2022-09-2604:23:14
www.ibm.com
28
storwize v7000 unified
multiple vendor
security vulnerabilities
updated versions
vendor provided fixes

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

Abstract

Storwize V7000 Unified includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components.

Content

VULNERABILITY DETAILS:

CVE ID:

Vendor Vendor ID Vendor Title Included CVEs
Red Hat RHSA-2013-0587 Moderate: openssl security update CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
IBM IBM Java 6.0.0 SR13 Oracle February 1 2013 CPU CVE-2013-0438
CVE-2013-0443
IBM IBM Java 6.0.0 SR13 FP1 Oracle February 19 2013 CPU CVE-2013-0169
Red Hat RHSA-2013-0144 Critical: firefox security update CVE-2013-0744
CVE-2013-0746
CVE-2013-0748
CVE-2013-0750
CVE-2013-0753
CVE-2013-0754
CVE-2013-0758
CVE-2013-0759
CVE-2013-0762
CVE-2013-0766
CVE-2013-0767
CVE-2013-0769
Red Hat RHSA-2013-0271 Critical: firefox security update CVE-2013-0775
CVE-2013-0776
CVE-2013-0780
CVE-2013-0782
CVE-2013-0783
Red Hat RHSA-2013-0614 Critical: xulrunner security update CVE-2013-0787
Red Hat RHSA-2013-0696 Critical: firefox security update CVE-2013-0788
CVE-2013-0793
CVE-2013-0795
CVE-2013-0796
CVE-2013-0800

DESCRIPTION:
Storwize V7000 Unified has integrated updated versions of the software components for which the vendors have provided fixes for security vulnerabilities.

CVSS:

IBM Java 6.0.0 SR13

CVEID: CVE-2013-0438 - Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/81800&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0443 - Unspecified vulnerability in Java Runtime Environment allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
CVSS Base Score: 4
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/81801&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

IBM Java 6.0.0 SR13 FP1

CVE-2013-0169 - Unspecified vulnerability in the JRE component allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/81902&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

_Red Hat _RHSA-2013-0587

CVE-2012-4929
CVSS Base Score: 2.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/78807 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVE-2013-0166
CVSS Base Score: 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/81904&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2013-0169
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/81902&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Red Hat RHSA-2013-0144

CVE-2013-0744
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81073 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0746
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81077 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0748
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81079 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE-2013-0750
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81080 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0753
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81084 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0754
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81085 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0758
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81083 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0759
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81085 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE-2013-0762
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81064 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0766
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81065 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0767
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81066 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0769
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81047 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Red Hat RHSA-2013-0271

CVE-2013-0775
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82189 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0776
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82190 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE-2013-0780
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82194 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0782
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82196 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0783
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82181 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Red Hat RHSA-2013-0614

CVE-2013-0787
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/82652&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Red Hat RHSA-2013-0696

CVE-2013-0788
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/83176&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0793
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/83200&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE-2013-0795
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/83198&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0796
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/83197&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2013-0800
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/83193&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

AFFECTED PLATFORMS:

  • **_Affected releases: _**Storwize V7000 Unified 1.3.0.0 through 1.4.0.X.
  • _Releases/systems/configurations NOT affected: _ Storwize V7000 Unified 1.4.1.0 and above.

REMEDIATION:

Vendor Fix(es):
The issues were fixed beginning with version Storwize V7000 Unified 1.4.1.0. Storwize V7000 Unified customers running an earlier version (e.g. Storwize V7000 Unified 1.3.X.X, 1.4.0.X) must upgrade to Storwize V7000 Unified 1.4.1.0 or a later version in order to get these fixes.

Workaround(s): None.

Mitigation(s): Storwize V7000 Unified is not exposed to CVEs related to Firefox and Xulrunner during normal operation. Service procedures which use the Firefox web browser may activate the vulnerable code. Service personnel must not browse web pages on the internet to avoid the processing of web pages with malicious content

REFERENCES:

CVE-2012-4929
CVE-2013-0166
CVE-2013-0169

CVE-2013-0169
CVE-2013-0438
CVE-2013-0443

CVE-2013-0744
CVE-2013-0746
CVE-2013-0748
CVE-2013-0750
CVE-2013-0753
CVE-2013-0754
CVE-2013-0758
CVE-2013-0759
CVE-2013-0762
CVE-2013-0766
CVE-2013-0767
CVE-2013-0769

CVE-2013-0775
CVE-2013-0776
CVE-2013-0780
CVE-2013-0782
CVE-2013-0783

CVE-2013-0787

CVE-2013-0788
CVE-2013-0793
CVE-2013-0795
CVE-2013-0796
CVE-2013-0800
RELATED INFORMATION:

CHANGE HISTORY:

  • 28-June-2013: Original copy published.

_The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _

_Note: __According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” _
IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

[{“Product”:{“code”:“ST5Q4U”,“label”:“IBM Storwize V7000 Unified (2073-700)”},“Business Unit”:{“code”:“BU058”,“label”:“IBM Infrastructure w/TPS”},“Component”:“1.4”,“Platform”:[{“code”:“PF025”,“label”:“Platform Independent”}],“Version”:“1.4”,“Edition”:“”,“Line of Business”:{“code”:“LOB26”,“label”:“Storage”}}]

Affected configurations

Vulners
Node
ibmstorwize_v7000_unifiedMatch1.4

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

Related for E59ACF3695AD2CD789F134AAEEB562DA1F3666F9F39B6C6075E68D3EB0B3D646