Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-5163 CVE-2015-3241 CVE-2015-5223)

Summary IBM Cloud Manager with Openstack is vulnerable to several Openstack vulerabilities, which allow remote attackers exploit these vulnerabilitise to obtain sensitive information or cause a denial of service. Vulnerability Details CVEID: CVE-2015-3241 DESCRIPTION: OpenStack Nova is vulnerable...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.20 and Version 7.0.9.31 these are used by IBM SmartCloud Entry of IBM Cloud Manager with OpenStack. These issues were disclosed as part of the IBM Java SDK updates in May 2016 and includes the...

Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-7713, CVE-2015-5286)

Summary IBM Cloud Manager with Openstack is vulnerable to several OpenStack vulnerablities. An attacker can exploit these velnerabilities to launch further attacks on the system or to exhaust all available resources. Vulnerability Details CVEID: CVE-2015-7713 DESCRIPTION: OpenStack Nova could...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.0.10.10 used by IBM Cloud Manager with OpenStack. These issues were disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10346 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0.10.15 used by IBM Cloud Manager with OpenStack. These issues were disclosed as part of IBM SDK, Java Technology Edition Quarterly CPU - Jan 2018 - Includes Oracle Jan 2018 CPU. / br / br IBM Cloud Manager...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.26 and Version 7.0.9.40 these are used by IBM SmartCloud Entry of IBM Cloud Manager with OpenStack. These issues were disclosed as part of the IBM Java SDK updates in July 2016 and October 2016 and...

Security Bulletin: OpenStack Nova vulnerability affects IBM Cloud Manager with OpenStack (CVE-2017-7214)

Summary IBM Cloud Manager has addressed vulnerability in OpenStack Nova. Vulnerability Details CVE-ID: CVE-2017-7214 DESCRIPTION: OpenStack Nova could allow a remote attacker to obtain sensitive information, caused by a flaw in the exceptionwrapper.py. By viewing ERROR level logs, an attacker cou...

Security Bulletin: OpenStack Cinder/Glance/Nova vulnerabilities affect IBM Cloud Manager with OpenStack (CVE-2015-5162)

Summary IBM Cloud Manager has addressed vulnerabilities in OpenStack Nova/Glance/Cinder. Vulnerability Details CVEID: CVE-2015-5162 DESCRIPTION: OpenStack Cinder, Glance and Nova are vulnerable to a denial of service, caused by the failure to limit qemu-img calls by the image parser. By using a...

Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-7548, CVE-2015-8749 CVE-2015-1850)

Summary IBM Cloud Manager with Openstack is vulnerable to several Openstack Nova vulerabilities, which could allow a local authenticated attacker or a remote attacker to obtain sensitive information Vulnerability Details CVEID: CVE-2015-8749 DESCRIPTION: OpenStack Nova could allow a remote attack...

Security Bulletin: IBM Cloud Manager is affected by the vulnerabilities known as SpectreNG (CVE-2018-3639)

Summary A third party CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis known as Variant 4 or SpectreNG. These vulnerabilities have been referred to as part of "SpectreNG" in the media, given their similarity to previously disclosed...

Security Bulletin: Vulnerability in SSLv3 affects IBM Cloud Manager with OpenStack (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM SmartCloud Entry. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...

Security Bulletin: OpenStack Nova vulnerabilities affect IBM Cloud Manager with OpenStack (CVE-2016-2140)

Summary IBM Cloud Manager with Openstack is vulnerable to a OpenStack Nova vulnerablities. An attacker could exploit this vulnerability to obtain sensitive information by a host data leak in resize/migration. Vulnerability Details CVEID: CVE-2016-2140 DESCRIPTION: OpenStack Nova could allow a...

Security Bulletin: Apache Xerces-C vulnerabilities (XML4C) affects IBM Cloud Manager with OpenStack (CVE-2016-0729)

Summary IBM Cloud Manager with Openstack is vulnerable to a Apache Xerces-C XML Parser library vulnerablities. Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error reporting. By sending specially crafted input...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.0.10.5 used by IBM Cloud Manager with OpenStack. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details CVEID: CVE-2017-10110 DESCRIPTION: An unspecified vulnerabilit...

Security Bulletin: Logjam vulnerability affect IBM Cloud Manager with Openstack (CVE-2015-4000)

Summary IBM Cloud Manager with Openstack is vulnerable to Logjam vulnerability, attackers could exploit them to obtain sensitive information Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failur...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry (CVE-2016-0475 CVE-2016-0448 CVE-2015-7575 CVE-2016-0466)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.15 and Version 7.0.9.20 these are used by IBM SmartCloud Entry. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as...

Security Bulletin: Apache Xerces-C vulnerabilities affects IBM Cloud Manager with OpenStack (CVE-2016-4463)

Summary IBM Cloud Manager with Openstack is vulnerable to a Apache Xerces-C XML Parser library vulnerablities. Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a deeply nested DTD. A remote attacker could exploit this...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2015 (CVE-2015-4872, CVE-2015-4893, CVE-2015-4803)

Summary IBM Cloud Manager is vulnerable to some Java vulnerabilities, which allow a remote attacker to cause a denial of service. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has no...

Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities

Summary Multiple security vulnerabilities have been identified in OpenSSL that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-3735 DESCRIPTION: OpenSSL could allow a remote attacker to obtain...

Security Bulletin: Vulnerabilities in OpenStack affect IBM Spectrum Scale V4.2 and V4.1.1 (CVE-2015-8466 and CVE-2016-0738)

Summary OpenStack vulnerabilities that could allow: - with OpenStack Swift 3, a remote attacker to launch a replay attack affects IBM Spectrum Scale CVE-2015-8466 - with OpenStack Object storageSwift, a remote authenticated attacker could exploit this vulnerability to consume all available...