IBM SmartCloud Entry is vulnerable to ntp vulnerabilities. An attacker could exploit these vulnerabilities to disable ntp at a victim client or bypass the timestamp validation check.
CVE(s): CVE-2015-5300, CVE-2015-7704, CVE-2015-8138
Affected product(s) and affected version(s):
IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 5
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 5
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 5
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 19
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 19
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/24OG7KN
X-Force Database: http://ift.tt/1rd28WE
X-Force Database: http://ift.tt/1W1Vu2C
X-Force Database: http://ift.tt/1rd26hG
from IBM Product Security Incident Response Team http://ift.tt/24OGy85
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.