IBM SmartCloud Entry is vulnerable to multiple OpenSSH vulnerabilities. An attacker could exploit these vulnerabilities to bypass XSECURITY restrictions, conduct impersonation attacks, or gain elevated privileges on the system.
CVE(s): CVE-2015-5352, CVE-2015-6563, CVE-2015-6564
Affected product(s) and affected version(s):
IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 6
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 6
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 6
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 21
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 21
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ciNgEY
X-Force Database: http://ift.tt/2c8WB0w
X-Force Database: http://ift.tt/2bZYLgC
X-Force Database: http://ift.tt/2c8Vyh9
from IBM Product Security Incident Response Team http://ift.tt/2coCutu
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.