Security Bulletin: Aspera Web Applications (Faspex, Console) and On Demand products are affected by OpenSSL Vulnerability (CVE-2017-7468)

2019-08-1422:57:54

www.ibm.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Summary

Aspera Web Applications (Faspex, Console) and On Demand products have addressed the following OpenSSL vulnerability.

Vulnerability Details

CVEID:CVE-2017-7468 *DESCRIPTION: ** No CVE description.
CVSS Base Score: 3.1
CVSS Temporal Score: See [Not Applicable](<https://psirt.raleigh.ibm.com/teamworks/Not Applicable>) for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Aspera Faspex 4.1.0

IBM Aspera Console 3.2.0

IBM Aspera Faspex Server on Demand 3.7.3

Remediation/Fixes

For IBM Aspera (Faspex, Console) the issue can be fixed by downloading the following new versions.

On Demand customers should download a related product release for their On Demand image from the following.

Product	VRMF	APAR	Remediation/First Fix
IBM Aspera Faspex	4.2.0 or Higher	None	<https://downloads.asperasoft.com/en/downloads/6>
IBM Aspera Console	3.3.0 or Higher	None	<https://downloads.asperasoft.com/en/downloads/34>