Lucene search

K
ibmIBMEBC473D3F0903936C0F890064EA7A464845C83934A803BC770D6449070404ED6
HistoryJun 18, 2018 - 12:08 a.m.

Security Bulletin: The IBM V840 product model number AE1 node is affected by a vulnerability in Java

2018-06-1800:08:26
www.ibm.com
5

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

Summary

Security vulnerabilities have been discovered in Java

Vulnerability Details

**CVE-ID:**CVE-2014-0411

**DESCRIPTION:**FlashSystem V840-AE1 uses an affected version of Oracle Java:

CVE-2014-0411 (Unspecified Oracle Java vulnerability)

In Oracle’s January 2014 Critical Patch Update (CPU) they disclosed, but did not fully specify, a vulnerability in Oracle Java SE related to the JSSE component that has partial confidentiality impact, partial integrity impact, and no availability impact. This unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. For further information on this vulnerability see: <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0411&gt;

CVSS v2 Base Score: 4.0
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/90357&gt;
CVSS Vector: (AV:N/AC:H/AU:N/C:P/I:P/A:N)

Affected Products and Versions

_FlashSystem V840 including machine type models (all available code levels) _
9846-AE1 & 9848-AE1

Remediation/Fixes

Products

| VRMF| APAR| Remediation/First Fix
—|—|—|—
9846-AE1,
9848-AE1,| A code fix is now available, the VRMF of this code level is 1.1.2.2| N/A| _The recommended remediation is to apply this code fix for this Java vulnerability. _

Workarounds and Mitigations

Close GUI sessions when they approach 20 hours open, preferably closing the session at the end of each working day. Ensure that all users who have access to the system are authenticated by another security system such as a firewall.

CPENameOperatorVersion
ibm flashsystem softwareeqany

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

Related for EBC473D3F0903936C0F890064EA7A464845C83934A803BC770D6449070404ED6