Dec 20, 2019 - 8:47 a.m.

Security Bulletin: IBM Transparent Cloud Tiering is affected by Netty vulnerability

www.ibm.com

EPSS: 0.022
Percentile: 89.7%

Summary

IBM Transparent Cloud Tiering is affected by a vulnerability in the Netty library. IBM Transparent Cloud Tiering has fixed the CVE below.

Vulnerability Details

CVEID: CVE-2019-16869
**DESCRIPTION:** Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a “Transfer-Encoding : chunked” line), which leads to HTTP request smuggling.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167672 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
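
The header-parsing disagreement described above, as an added Python example that is not part of the bulletin and is not Netty or IBM code. `strict_validate` applies the RFC 7230 section 3.2.4 rule (reject whitespace between field-name and colon with 400), and `framing` models two hypothetical lenient parsers; the sample request and all function names are constructed for illustration.

```python
import re

# RFC 7230 "token" characters: the only bytes allowed in a header field-name.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed sample request head (not captured traffic).
SAMPLE = (
    b"POST /upload HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Length: 4\r\n"
    b"Transfer-Encoding : chunked\r\n"
    b"\r\n"
)

def header_lines(head: bytes):
    """Yield (raw_name, value) for each header line after the request line."""
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]
    for line in lines:
        name, sep, value = line.decode("latin-1").partition(":")
        if not sep:
            raise ValueError(f"400: header line without colon: {line!r}")
        yield name, value.strip(" \t")

def strict_validate(head: bytes):
    """Reject any field-name that is not a pure token (RFC 7230 section 3.2.4)."""
    headers = []
    for name, value in header_lines(head):
        if not TOKEN.fullmatch(name):
            raise ValueError(f"400: invalid header field-name {name!r}")
        headers.append((name.lower(), value))
    return headers

def framing(head: bytes, trim_name: bool) -> str:
    """Body framing a lenient parser would choose. trim_name models whether
    that (hypothetical) parser strips whitespace from the field-name."""
    seen = {}
    for name, value in header_lines(head):
        seen[(name.strip() if trim_name else name).lower()] = value.lower()
    if "chunked" in seen.get("transfer-encoding", ""):
        return "chunked"
    return "content-length" if "content-length" in seen else "none"
```

Two hops that pick different `framing` results for the same bytes disagree on where the request body ends, which is the precondition for request smuggling; rejecting the request at the first hop removes the ambiguity.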

Affected Products and Versions

Transparent Cloud Tiering 1.1.1.0 thru 1.1.3.10
Transparent Cloud Tiering 1.1.5.0 thru 1.1.7.2

Remediation/Fixes

For Transparent Cloud Tiering 1.1.1.0 thru 1.1.3.10, apply Transparent Cloud Tiering 1.1.3.11 bundled with IBM Spectrum Scale V4.2.3.19 available from FixCentral at:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.2.3&platform=All&function=all

For Transparent Cloud Tiering 1.1.5.0 thru 1.1.7.2, apply Transparent Cloud Tiering 1.1.7.3 bundled with IBM Spectrum Scale V5.0.4.1 available from FixCentral at:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.4&platform=All&function=all

Workarounds and Mitigations

None
