A vulnerability in the Apache Struts component affects the Service Assistant GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products allowing arbitrary code execution. The Command Line Interface is unaffected.
CVE(s): CVE-2017-5638
Affected product(s) and affected version(s):
IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V5000
IBM Storwize V3700
IBM Storwize V3500
IBM FlashSystem V9000
All products are affected when running supported releases 7.1 to 7.8. For unsupported versions of the above products, IBM recommends upgrading to a fixed, supported version of the product.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2qu1164
X-Force Database: http://ift.tt/2m6OQ0m
The post IBM Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5638) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2qtSU9z
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.