Security Bulletin: OpenStack Heat vulnerability affect IBM Cloud Manager with OpenStack (CVE-2016-9185)

Summary

IBM Cloud Manager has addressed a vulnerability in OpenStack Heat.

Vulnerability Details

CVE-ID: CVE-2016-9185 DESCRIPTION: OpenStack Heat could allow a remote authenticated attacker to obtain sensitive information. By using a special-crafted URL, a remote attacker could exploit this vulnerability to conduct network discovery revealing internal network configuration.
CVSS Base Score: 4.300
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/119180 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.7
IBM Cloud Manager with OpenStack 4.1.0 through 4.1.0.5

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM Cloud Manager with OpenStack| 4.3.0| None| IBM Cloud Manager with Openstack 4.3 for fix pack 8:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.3.0.8-IBM-CMWO-FP08&source=SAR&function=fixId&parent=ibm/Other%20software
IBM Cloud Manager with OpenStack| 4.1.0| None| IBM Cloud Manager with Openstack 4.1 interim fix 7 for fix pack 5:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.1.0.5-IBM-CMWO-IF007&source=SAR&function=fixId&parent=ibm/Other%20software

Workarounds and Mitigations

None