RHEL 7 : Virtualization Manager (RHSA-2019:1046) (Spectre)

An update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 - July 2018 & October 2018

Summary There are multiple vulnerabilities in IBM® SDK, Java™ Technology Edition, Versions 7 and 8, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in July 2018 and October 2018. Vulnerability Details CVEID: CVE-2018-1517...

RHEL 7 : Virtualization Manager (RHSA-2018:2328) (Spectre)

An update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 - July 2017

Summary There are multiple vulnerabilities in IBM SDK, Java Technology Edition, Versions 6, 7 and 8, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in July 2017. Vulnerability Details CVEID: CVE-2017-10067 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 - January 2017

Summary There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 6, 7 and 8, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in January 2017. Vulnerability Details CVEID: CVE-2016-5546 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect IBM Virtualization Engine TS7700 (CVE-2015-7848, CVE-2015-7855)

Summary There are multiple vulnerabilities in the Network Time Protocol NTP implementation embedded within the IBM Virtualization Engine TS7700. Vulnerability Details CVEID: CVE-2015-7848 DESCRIPTION: Network Time Protocol NTP is vulnerable to a denial of service, caused by an multiple integer...

Security Bulletin: HTTP Response Splitting in WebSphere Application Server affects IBM Virtualization Engine TS7700 (CVE-2016-0359)

Summary There is a potential HTTP response splitting vulnerability in IBM WebSphere Application Server as used by the IBM Virtualization Engine TS7700. Vulnerability Details CVEID: CVE-2016-0359 DESCRIPTION: IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remo...

Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 - April 2016

Summary There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 5, 6, 7 and 8, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-3426 DESCRIPTION: An...

Security Bulletin: Vulnerability in Apache Commons affects IBM Virtualization Engine TS7700 (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Virtualization Engine TS7700. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system,...

Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 - July 2015

Summary There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 5, 6 and 7, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Virtualization Engine TS7700 (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Virtualization Engine TS7700. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...

Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 - April 2015

Summary There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 5, 6 and 7, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses the RC4 Bar Mitzvah Attack for...

Security Bulletin: IBM Virtualization Engine TS7700 is affected by vulnerabilities in IBM General Parallel File System (CVE-2015-0197, CVE-2015-0198)

Summary Security vulnerabilities have been identified in current levels of GPFS V3.5 and V3.4 as used within the IBM Virtualization Engine TS7700: - could allow a local attacker which only has a non-privileged account to execute programs with root privileges CVE-2015-0197 - may not properly...

Security Bulletin: Vulnerability in RC4 stream cipher affects the IBM Virtualization Engine TS7700 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM Virtualization Engine TS7700 Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - October 2014 & January 2015

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, IBM SDK Java Technology Edition, Version 6, and IBM SDK Java 2 Technology Edition, Version 5 that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updat...

Security Bulletin: IBM Virtualization Engine TS7700 - The NTP monlist command is enabled (CVE-2013-5211)

Summary The NTP daemon on the TS7700 has the 'monlist' command enabled. This command returns a list of recent hosts that have connected to the service.. Vulnerability Details CVEID: CVE-2013-5211 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error in the monlist feature in...

Security Bulletin: IBM Virtualization Engine TS7700 - SSH Server CBC Mode Ciphers Enabled (CVE-2008-5161)

Summary The SSH server is configured to support Cipher Block Chaining CBC encryption. This may allow an attacker to recover the plaintext message from the ciphertext. Vulnerability Details CVEID: CVE-2008-5161 DESCRIPTION: The SSH server is configured to support Cipher Block Chaining CBC...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - January 2014

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, IBM SDK Java Technology Edition, Version 6, and IBM SDK Java 2 Technology Edition, Version 5 that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updat...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - October 2013

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, IBM SDK Java Technology Edition, Version 6, and IBM SDK Java 2 Technology Edition, Version 5 that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updat...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - July 2014

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, IBM SDK Java Technology Edition, Version 6, and IBM SDK Java 2 Technology Edition, Version 5 that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updat...