Security Bulletin: Vulnerability in the JVM (CVE-2013-1500)

Abstract In SmartCloud Provisioning, when AWT code is run, a vulnerability of the JVM can be exploited. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1500 DESCRIPTION: An unspecified vulnerability related to the Java Runtime Environment 2D component has partial confidentiality impact, partial...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server shipped with SmartCloud Provisioning (CVE-2016-5573, CVE-2016-5597)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition 6 that affect WebSphere Application Server shipped with SmartCloud Provisioning. These issues were disclosed as part of the IBM Java SDK updates in October 2016. SmartCloud Provisioning product software reached suppor...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Provisioning

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ that is used by IBM SmartCloud Provisioning. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-3443 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect WebSphere Application Server shipped with SmartCloud Provisioning

Summary Multiple vulnerabilities in IBM SDK Java Technology Edition affect WebSphere Application Server shipped with SmartCloud Provisioning. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”. Note that...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with SmartCloud Provisioning (CVE-2015-7450)

Summary IBM WebSphere Application Server is shipped as a component of SmartCloud Provisioning Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult security bulletin Vulnerability in Apache...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK including Logjam affect SmartCloud Provisioning for IBM Software Virtual Appliance

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 that is by SmartCloud Provisioning for IBM Software Virtual Appliance. These issues were disclosed as part of the IBM Java SDK updates in July 2015. This bulletin also addresses the Logjam Attack on TLS...

Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java™ Technology Edition affect SmartCloud Provisioning (CVE-2014-4263, CVE-2014-4244)

Summary Multiple security vulnerabilities exist in the IBM SDK, Java™ Technology Edition that is shipped with IBM SmartCloud Provisioning CVE-2014-4263, CVE-2014-4244. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the...

Security Bulletin: SmartCloud Provisioning - Django vulnerabilities reported in April 2014 X-Force Report

Summary SmartCloud Provisioning - Django vulnerabilities reported in April 2014 X-Force Report CVE-2014-0473, CVE-2014-0474,CVE-2014-0472 Vulnerability Details CVE-ID: CVE-2014-0473 DESCRIPTION: Django is vulnerable to cross-site request forgery, caused by an error when handling caching of...

Security Bulletin: Vulnerabilities in Django affect SmartCloud Provisioning (CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483)

Summary Vulnerabilities found in Django as per August 2014 X-Force report CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483 affect SmartCloud Provisioning 2.3. SmartCloud Provisioning 2.3 is shipped with Django. Securities vulnerabilities have been discovered in Django that may affect...

Security Bulletin: SmartCloud Provisioning - Django vulnerabilities reported in May 2014 X-Force Report

Summary SmartCloud Provisioning - Django vulnerabilities reported in May 2014 X-Force Report CVE-2014-1418, CVE-2014-3730. Vulnerability Details SmartCloud Provisioning 2.3 is shipped with Open Source Django. Securities vulnerabilities have been discovered in Django, which affect SmartCloud...

Security Bulletin: Vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance.

Summary Multiple vulnerabilities have been identified in qemu-kvm that affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance CVE-2014-0222, CVE-2014-0223. Vulnerability Details CVE-ID: CVE-2014-0222 DESCRIPTION: QEMU could allow a remote attacker to execute arbitrary code on the...

Security Bulletin: SmartCloud Provisioning - Vulnerability in procmail

Summary A flaw has been discovered in procmail that affects SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance CVE-2014-3618. Vulnerability Details CVE-ID: CVE-2014-3618 Description: procmail is vulnerable to a heap-based buffer overflow, caused by improper bounds checking wh...

Security Bulletin: Security vulnerabilities in IBM SDK, Java™ Technology Edition (CVE-2014-0878, CVE-2014-0460, CVE-2014-0453, CVE-2014-2420) affect SmartCloud Provisioning

Summary Multiple security vulnerabilities exist in the IBM SDK, Java™ Technology Edition shipped with IBM SmartCloud Provisioning CVE-2014-0878, CVE-2014-0460, CVE-2014-0453, CVE-2014-2420. IBM SDK, Java™ Technology Edition has released patch updates with security vulnerabilities fixes. SmartClou...

Security Bulletin: SmartCloud Provisioning - Webmin Open Source vulnerability (CVE-2014-0339)

Summary SmartCloud Provisioning - Webmin Open Source vulnerability as per X-Force Report, March 2014 CVE-2014-0339. Vulnerability Details SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance is shipped with Webmin. A security vulnerability has been discovered in Webmin that...

Security Bulletin: SmartCloud Provisioning is affected by a vulnerability in OpenSSL (CVE-2014-0160)

Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability...

CVE-2013-5455

IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems.delete command...