16 matches found
EUVD-2012-2160
Malware in sbrugna...
EUVD-2012-2161
Malware in sbrugna...
Security Bulletin: IBM XIV Storage System (MTM 2810-A14, 2812-A14, MTM 2810-114, 2812-114) Fixed Passwords for Maintenance Accounts (CVE-2012-2166)
Abstract IBM XIV Storage Systems have maintenance accounts with fixed passwords. A fix is available to manage access to these accounts. Content VULNERABILITY DETAILS: DESCRIPTION: The XIV Storage Systems have preconfigured user accounts that are used for maintenance purposes. These accounts have...
Security Bulletin: Vulnerability in OpenSSL affects IBM XIV Storage System Gen3 (CVE-2014-3570)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by IBM XIV Storage System. IBM XIV Storage System has addressed the applicable CVE. We are unaware of any customer being affected by this issue. Vulnerability Details CVEID: CVE-2014-3570...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM XIV Storage System Gen2 (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM XIV Storage System Gen2. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit...
Security Bulletin: Vulnerability in OpenSSL affects IBM XIV Storage System Gen3 and Gen2 (CVE-2015-0204)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM XIV Storage System has addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM XIV Storage System Gen3 (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM XIV Storage System Gen3. Vulnerability Details CVEID: CVE-2015-0235 The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but valid hostna...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM XIV Storage System Gen2 (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM XIV Storage System Gen2. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but...
Security Bulletin: Vulnerability in SSLv3 affects IBM XIV Storage System Gen 2 (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM XIV Storage System Gen2. Vulnerability Details CVEID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...
Security Bulletin: Vulnerability in SSLv3 affects IBM XIV Storage System Gen 3.0 (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM XIV Storage System Gen 3.0 Vulnerability Details CVEID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitiv...
CVE-2012-2166
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041...
CVE-2012-2166
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041...
IBM XIV Storage System OpenSSL TLS/DTLS心跳信息泄漏漏洞
CVE ID:CVE-2014-0160 IBM XIV Storage System是一款网格存储解决方案。 IBM XIV Storage System所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 IBM XIV Storage System 11.3.0 IBM XIV Storage System 11.3.0.a IBM XIV Storage System 11.3.1 IBM XIV Storage System 11.4.1...
CVE-2012-4829
IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle attackers to spoof servers by leveraging an inappropriate certificate-trust relationship...
CVE-2012-2167
The IBM XIV Storage System Gen3 before 11.1.0.a allows remote attackers to cause a denial of service device outage via TCP packets to unspecified ports...
CVE-2012-2167
CVE-2012-2167 concerns the IBM XIV Storage System Gen3 before 11.1.0.a. The connected documents corroborate a remote DoS impact: sending TCP packets to unspecified ports can cause a device outage. The affected component is the storage system’s network-facing handling (no explicit vulnerable modul...