Thursday, November 30, 2017

IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application

There are multiple vulnerabilities with PCRE’s earlier versions which was used by IBM Aspera Shares Application.

CVE(s): CVE-2015-8380, CVE-2015-8381, CVE-2015-8382, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8393, CVE-2015-8394, CVE-2015-8395

Affected product(s) and affected version(s):

IBM Aspera Shares Application 1.9.2 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j4VSz5
X-Force Database: http://ift.tt/1OkXBfB
X-Force Database: http://ift.tt/2eD1myW
X-Force Database: http://ift.tt/24O3Mgh
X-Force Database: http://ift.tt/1OkXBfD
X-Force Database: http://ift.tt/2f1Hisw
X-Force Database: http://ift.tt/2akVqbx
X-Force Database: http://ift.tt/24O3JkA
X-Force Database: http://ift.tt/24O3JkC
X-Force Database: http://ift.tt/1OkXBfJ
X-Force Database: http://ift.tt/24O3LZZ
X-Force Database: http://ift.tt/1OkXBfx
X-Force Database: http://ift.tt/24O3Jkw
X-Force Database: http://ift.tt/1OkXDEb
X-Force Database: http://ift.tt/24O3Mgf
X-Force Database: http://ift.tt/1OkXBfH
X-Force Database: http://ift.tt/2eD5cbb

The post IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BmTytY

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 …

OpenSSL vulnerabilities were disclosed on September 22, 2016 by the OpenSSL Project. OpenSSL is used by IBM IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client, IBM Aspera Faspstream, IBM Aspera Cargo, and IBM Aspera Sync. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-2181, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.2 or earlier
IBM Aspera Connect for Web Access 3.6.2 or earlier
IBM Aspera Desktop Client 3.6.2 or earlier
IBM Aspera Point to Point Client 3.6.2 or earlier
IBM Aspera Cargo 1.5.0 or earlier
IBM Aspera Faspstream 3.7.0 or earlier
IBM Aspera Sync 3.5.3 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Bp6HTz
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 … appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j3eMq2

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares (CVE-2016-6304, CVE-2016-2177, …)

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares has addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-6308, CVE-2016-2181, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Aspera Orchestrator 2.6.0 or earlier
IBM Aspera Virtural Catcher 2.4.4 or earlier
IBM Aspera Faspex 4.0.1 or earlier
IBM Aspera Shares 1.9.4 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BnY2AK
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmYa8Y
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares (CVE-2016-6304, CVE-2016-2177, …) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BoUyxV

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-2107, CVE-2016-2106, CVE-2016-2176)

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Cluster Manager, IBM Aspera faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application Platform on Demand, and IBM Aspera Azure on Demand. The named on demand applications referenced above have addressed the applicable CVEs.

CVE(s): CVE-2016-2107, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176

Affected product(s) and affected version(s):

IBM Aspera Transfer Clustered Manager 3.6.0 or earlier
IBM Aspera faspex on Demand 3.6.0 or earlier
IBM Aspera Server on Demand 3.6.0 or earlier
IBM Aspera Application Platform on Demand 3.6.0 or earlier
IBM Aspera Azure on Demand 3.5.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Boj1mT
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-2107, CVE-2016-2106, CVE-2016-2176) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BnXQ4u

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin (CVE-2016-2106, CVE-2016-2109, CVE-2016-2176)

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-2106, CVE-2016-2109, CVE-2016-2176

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.0 or earlier
IBM Aspera Connect for Web Access 3.6.0 or earlier
IBM Aspera Desktop Client 3.6.0 or earlier
IBM Aspera Point to Point Client 3.6.0 or earlier
IBM Aspera Connect Browser Plug in 3.6.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j6aiPJ
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin (CVE-2016-2106, CVE-2016-2109, CVE-2016-2176) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j2LVC7

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702)

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Clustered Manager, IBM Aspera faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application Platform on Demand, and IBM Aspera Azure on Demand. The named applications referenced above have addressed the applicable CVEs.

CVE(s): CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0702

Affected product(s) and affected version(s):

IBM Aspera Transfer Clustered Manager 3.6.0 or earlier
IBM Aspera faspex on Demand 3.6.0 or earlier
IBM Aspera Server on Demand 3.6.0 or earlier
IBM Aspera Application Platform on Demand 3.6.0 or earlier
IBM Aspera Azure on Demand 3.5.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BmTzOy
X-Force Database: http://ift.tt/1Tg5wqO
X-Force Database: http://ift.tt/1N2N4p3
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1Tg5v6h

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j42m1h

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0702

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.0 or earlier
IBM Aspera Connect for Web Access 3.6.0 or earlier
IBM Aspera Desktop Client 3.6.0 or earlier
IBM Aspera Point to Point Client 3.6.0 or earlier
IBM Aspera Connect Browser Plug in 3.6.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j4lR9X
X-Force Database: http://ift.tt/1Tg5wqO
X-Force Database: http://ift.tt/1N2N4p3
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1Tg5v6h

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2Bpjs0q

IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application

There are multiple vulnerabilities with PCRE’s earlier versions which was used by IBM Aspera Shares Application.

CVE(s): CVE-2015-8380, CVE-2015-8381, CVE-2015-8382, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8393, CVE-2015-8394, CVE-2015-8395

Affected product(s) and affected version(s):

IBM Aspera Shares Application 1.9.2 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j4VSz5
X-Force Database: http://ift.tt/1OkXBfB
X-Force Database: http://ift.tt/2eD1myW
X-Force Database: http://ift.tt/24O3Mgh
X-Force Database: http://ift.tt/1OkXBfD
X-Force Database: http://ift.tt/2f1Hisw
X-Force Database: http://ift.tt/2akVqbx
X-Force Database: http://ift.tt/24O3JkA
X-Force Database: http://ift.tt/24O3JkC
X-Force Database: http://ift.tt/1OkXBfJ
X-Force Database: http://ift.tt/24O3LZZ
X-Force Database: http://ift.tt/1OkXBfx
X-Force Database: http://ift.tt/24O3Jkw
X-Force Database: http://ift.tt/1OkXDEb
X-Force Database: http://ift.tt/24O3Mgf
X-Force Database: http://ift.tt/1OkXBfH
X-Force Database: http://ift.tt/2eD5cbb

The post IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BmTytY

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 …

OpenSSL vulnerabilities were disclosed on September 22, 2016 by the OpenSSL Project. OpenSSL is used by IBM IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client, IBM Aspera Faspstream, IBM Aspera Cargo, and IBM Aspera Sync. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-2181, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.2 or earlier
IBM Aspera Connect for Web Access 3.6.2 or earlier
IBM Aspera Desktop Client 3.6.2 or earlier
IBM Aspera Point to Point Client 3.6.2 or earlier
IBM Aspera Cargo 1.5.0 or earlier
IBM Aspera Faspstream 3.7.0 or earlier
IBM Aspera Sync 3.5.3 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Bp6HTz
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 … appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j3eMq2

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares (CVE-2016-6304, CVE-2016-2177, …)

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares has addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-6308, CVE-2016-2181, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Aspera Orchestrator 2.6.0 or earlier
IBM Aspera Virtural Catcher 2.4.4 or earlier
IBM Aspera Faspex 4.0.1 or earlier
IBM Aspera Shares 1.9.4 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BnY2AK
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmYa8Y
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares (CVE-2016-6304, CVE-2016-2177, …) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BoUyxV

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-2107, CVE-2016-2106, CVE-2016-2176)

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Cluster Manager, IBM Aspera faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application Platform on Demand, and IBM Aspera Azure on Demand. The named on demand applications referenced above have addressed the applicable CVEs.

CVE(s): CVE-2016-2107, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176

Affected product(s) and affected version(s):

IBM Aspera Transfer Clustered Manager 3.6.0 or earlier
IBM Aspera faspex on Demand 3.6.0 or earlier
IBM Aspera Server on Demand 3.6.0 or earlier
IBM Aspera Application Platform on Demand 3.6.0 or earlier
IBM Aspera Azure on Demand 3.5.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Boj1mT
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-2107, CVE-2016-2106, CVE-2016-2176) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BnXQ4u

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin (CVE-2016-2106, CVE-2016-2109, CVE-2016-2176)

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-2106, CVE-2016-2109, CVE-2016-2176

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.0 or earlier
IBM Aspera Connect for Web Access 3.6.0 or earlier
IBM Aspera Desktop Client 3.6.0 or earlier
IBM Aspera Point to Point Client 3.6.0 or earlier
IBM Aspera Connect Browser Plug in 3.6.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j6aiPJ
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin (CVE-2016-2106, CVE-2016-2109, CVE-2016-2176) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j2LVC7

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702)

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Clustered Manager, IBM Aspera faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application Platform on Demand, and IBM Aspera Azure on Demand. The named applications referenced above have addressed the applicable CVEs.

CVE(s): CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0702

Affected product(s) and affected version(s):

IBM Aspera Transfer Clustered Manager 3.6.0 or earlier
IBM Aspera faspex on Demand 3.6.0 or earlier
IBM Aspera Server on Demand 3.6.0 or earlier
IBM Aspera Application Platform on Demand 3.6.0 or earlier
IBM Aspera Azure on Demand 3.5.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BmTzOy
X-Force Database: http://ift.tt/1Tg5wqO
X-Force Database: http://ift.tt/1N2N4p3
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1Tg5v6h

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j42m1h

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0702

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.0 or earlier
IBM Aspera Connect for Web Access 3.6.0 or earlier
IBM Aspera Desktop Client 3.6.0 or earlier
IBM Aspera Point to Point Client 3.6.0 or earlier
IBM Aspera Connect Browser Plug in 3.6.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j4lR9X
X-Force Database: http://ift.tt/1Tg5wqO
X-Force Database: http://ift.tt/1N2N4p3
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1Tg5v6h

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2Bpjs0q

IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application

There are multiple vulnerabilities with PCRE’s earlier versions which was used by IBM Aspera Shares Application.

CVE(s): CVE-2015-8380, CVE-2015-8381, CVE-2015-8382, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8393, CVE-2015-8394, CVE-2015-8395

Affected product(s) and affected version(s):

IBM Aspera Shares Application 1.9.2 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j4VSz5
X-Force Database: http://ift.tt/1OkXBfB
X-Force Database: http://ift.tt/2eD1myW
X-Force Database: http://ift.tt/24O3Mgh
X-Force Database: http://ift.tt/1OkXBfD
X-Force Database: http://ift.tt/2f1Hisw
X-Force Database: http://ift.tt/2akVqbx
X-Force Database: http://ift.tt/24O3JkA
X-Force Database: http://ift.tt/24O3JkC
X-Force Database: http://ift.tt/1OkXBfJ
X-Force Database: http://ift.tt/24O3LZZ
X-Force Database: http://ift.tt/1OkXBfx
X-Force Database: http://ift.tt/24O3Jkw
X-Force Database: http://ift.tt/1OkXDEb
X-Force Database: http://ift.tt/24O3Mgf
X-Force Database: http://ift.tt/1OkXBfH
X-Force Database: http://ift.tt/2eD5cbb

The post IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BmTytY

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 …

OpenSSL vulnerabilities were disclosed on September 22, 2016 by the OpenSSL Project. OpenSSL is used by IBM IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client, IBM Aspera Faspstream, IBM Aspera Cargo, and IBM Aspera Sync. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-2181, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.2 or earlier
IBM Aspera Connect for Web Access 3.6.2 or earlier
IBM Aspera Desktop Client 3.6.2 or earlier
IBM Aspera Point to Point Client 3.6.2 or earlier
IBM Aspera Cargo 1.5.0 or earlier
IBM Aspera Faspstream 3.7.0 or earlier
IBM Aspera Sync 3.5.3 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Bp6HTz
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 … appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j3eMq2

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares (CVE-2016-6304, CVE-2016-2177, …)

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares has addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-6308, CVE-2016-2181, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Aspera Orchestrator 2.6.0 or earlier
IBM Aspera Virtural Catcher 2.4.4 or earlier
IBM Aspera Faspex 4.0.1 or earlier
IBM Aspera Shares 1.9.4 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BnY2AK
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmYa8Y
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares (CVE-2016-6304, CVE-2016-2177, …) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BoUyxV

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-2107, CVE-2016-2106, CVE-2016-2176)

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Cluster Manager, IBM Aspera faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application Platform on Demand, and IBM Aspera Azure on Demand. The named on demand applications referenced above have addressed the applicable CVEs.

CVE(s): CVE-2016-2107, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176

Affected product(s) and affected version(s):

IBM Aspera Transfer Clustered Manager 3.6.0 or earlier
IBM Aspera faspex on Demand 3.6.0 or earlier
IBM Aspera Server on Demand 3.6.0 or earlier
IBM Aspera Application Platform on Demand 3.6.0 or earlier
IBM Aspera Azure on Demand 3.5.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Boj1mT
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-2107, CVE-2016-2106, CVE-2016-2176) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BnXQ4u

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin (CVE-2016-2106, CVE-2016-2109, CVE-2016-2176)

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-2106, CVE-2016-2109, CVE-2016-2176

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.0 or earlier
IBM Aspera Connect for Web Access 3.6.0 or earlier
IBM Aspera Desktop Client 3.6.0 or earlier
IBM Aspera Point to Point Client 3.6.0 or earlier
IBM Aspera Connect Browser Plug in 3.6.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j6aiPJ
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin (CVE-2016-2106, CVE-2016-2109, CVE-2016-2176) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j2LVC7

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702)

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Clustered Manager, IBM Aspera faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application Platform on Demand, and IBM Aspera Azure on Demand. The named applications referenced above have addressed the applicable CVEs.

CVE(s): CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0702

Affected product(s) and affected version(s):

IBM Aspera Transfer Clustered Manager 3.6.0 or earlier
IBM Aspera faspex on Demand 3.6.0 or earlier
IBM Aspera Server on Demand 3.6.0 or earlier
IBM Aspera Application Platform on Demand 3.6.0 or earlier
IBM Aspera Azure on Demand 3.5.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BmTzOy
X-Force Database: http://ift.tt/1Tg5wqO
X-Force Database: http://ift.tt/1N2N4p3
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1Tg5v6h

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j42m1h

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0702

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.0 or earlier
IBM Aspera Connect for Web Access 3.6.0 or earlier
IBM Aspera Desktop Client 3.6.0 or earlier
IBM Aspera Point to Point Client 3.6.0 or earlier
IBM Aspera Connect Browser Plug in 3.6.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j4lR9X
X-Force Database: http://ift.tt/1Tg5wqO
X-Force Database: http://ift.tt/1N2N4p3
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1Tg5v6h

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2Bpjs0q

IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application

There are multiple vulnerabilities with PCRE’s earlier versions which was used by IBM Aspera Shares Application.

CVE(s): CVE-2015-8380, CVE-2015-8381, CVE-2015-8382, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8393, CVE-2015-8394, CVE-2015-8395

Affected product(s) and affected version(s):

IBM Aspera Shares Application 1.9.2 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j4VSz5
X-Force Database: http://ift.tt/1OkXBfB
X-Force Database: http://ift.tt/2eD1myW
X-Force Database: http://ift.tt/24O3Mgh
X-Force Database: http://ift.tt/1OkXBfD
X-Force Database: http://ift.tt/2f1Hisw
X-Force Database: http://ift.tt/2akVqbx
X-Force Database: http://ift.tt/24O3JkA
X-Force Database: http://ift.tt/24O3JkC
X-Force Database: http://ift.tt/1OkXBfJ
X-Force Database: http://ift.tt/24O3LZZ
X-Force Database: http://ift.tt/1OkXBfx
X-Force Database: http://ift.tt/24O3Jkw
X-Force Database: http://ift.tt/1OkXDEb
X-Force Database: http://ift.tt/24O3Mgf
X-Force Database: http://ift.tt/1OkXBfH
X-Force Database: http://ift.tt/2eD5cbb

The post IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BmTytY

How to build a bulletproof internal data breach response team

We recently released the latest edition of our Data Breach Response Guide, a resource we’re proud to offer to business leaders to help them navigate the often-nebulous waters of incident response planning. As the threat of data breaches become no longer a matter of “if” but “when,” it’s never been more important for organizations to have a proactive plan in place to deal with the fallout, prevent further data loss and manage the possible customer backlash and threat to brand reputation.

We kick off our guide by underscoring the importance of building a strong data breach response team well in advance of an incident. When a data breach occurs, business leaders can be left scrambling to assemble a team and assign responsibilities. Here’s how to make sure your internal breach response team is organized and ready to jump into action:

Your internal team should be composed of these seven divisions:

  1. Incident lead. Usually this will be a Chief Privacy Officer or someone from a legal department who will determine what the team needs to adequately respond to the incident and then coordinate the response, both internally and externally.
  2. Executive leaders. Make sure you have your key decision-makers involved and supporting you with the needed resources to develop, test and implement your plan. This will help you gain the support of top management and give you a line of communication to the board or other stakeholders.
  3. Legal. You’ll need privacy and compliance experts to help navigate any potential lawsuits and fines that you risk after a breach. They will help with how to advise impacted individuals, as well as government agencies, the media and others.
  4. Human resources. HR personnel should be ready to answer questions and inform employees and former employees of the data breach through meetings or online forums.
  5. Public relations. Your PR team will have a crisis management strategy in place and decide on the best way to notify the media and respond to negative press. Along with tracking and analyzing media coverage, they will compose consumer-facing materials for the website, media statements, press releases and more.
  6. Customer care. These are the people who will be on the front lines, fielding concerns and answering questions from customers. They will craft phone scripts, log call volume and take note of the top questions and concerns from customers.
  7. Information technology. Your IT and security teams will train people in data breach response techniques. In the case of an incident, they will isolate contaminated machines, preserve evidence and work with a forensic firm to identify the compromised data and draw up a report detailing the breach with a plan to prevent future attacks.

To learn about the other external partners and influencers you should incorporate into your team, download our complimentary Data Breach Response Guide.

The post How to build a bulletproof internal data breach response team appeared first on Data Breach Resolution.



from Data Breach Resolution http://ift.tt/2i3RO1a

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 …

OpenSSL vulnerabilities were disclosed on September 22, 2016 by the OpenSSL Project. OpenSSL is used by IBM IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client, IBM Aspera Faspstream, IBM Aspera Cargo, and IBM Aspera Sync. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-2181, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.2 or earlier
IBM Aspera Connect for Web Access 3.6.2 or earlier
IBM Aspera Desktop Client 3.6.2 or earlier
IBM Aspera Point to Point Client 3.6.2 or earlier
IBM Aspera Cargo 1.5.0 or earlier
IBM Aspera Faspstream 3.7.0 or earlier
IBM Aspera Sync 3.5.3 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Bp6HTz
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 … appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j3eMq2

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares (CVE-2016-6304, CVE-2016-2177, …)

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares has addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-6308, CVE-2016-2181, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Aspera Orchestrator 2.6.0 or earlier
IBM Aspera Virtural Catcher 2.4.4 or earlier
IBM Aspera Faspex 4.0.1 or earlier
IBM Aspera Shares 1.9.4 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BnY2AK
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmYa8Y
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares (CVE-2016-6304, CVE-2016-2177, …) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BoUyxV

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-2107, CVE-2016-2106, CVE-2016-2176)

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Cluster Manager, IBM Aspera faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application Platform on Demand, and IBM Aspera Azure on Demand. The named on demand applications referenced above have addressed the applicable CVEs.

CVE(s): CVE-2016-2107, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176

Affected product(s) and affected version(s):

IBM Aspera Transfer Clustered Manager 3.6.0 or earlier
IBM Aspera faspex on Demand 3.6.0 or earlier
IBM Aspera Server on Demand 3.6.0 or earlier
IBM Aspera Application Platform on Demand 3.6.0 or earlier
IBM Aspera Azure on Demand 3.5.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Boj1mT
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-2107, CVE-2016-2106, CVE-2016-2176) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BnXQ4u

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin (CVE-2016-2106, CVE-2016-2109, CVE-2016-2176)

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-2106, CVE-2016-2109, CVE-2016-2176

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.0 or earlier
IBM Aspera Connect for Web Access 3.6.0 or earlier
IBM Aspera Desktop Client 3.6.0 or earlier
IBM Aspera Point to Point Client 3.6.0 or earlier
IBM Aspera Connect Browser Plug in 3.6.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j6aiPJ
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin (CVE-2016-2106, CVE-2016-2109, CVE-2016-2176) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j2LVC7

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702)

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Clustered Manager, IBM Aspera faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application Platform on Demand, and IBM Aspera Azure on Demand. The named applications referenced above have addressed the applicable CVEs.

CVE(s): CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0702

Affected product(s) and affected version(s):

IBM Aspera Transfer Clustered Manager 3.6.0 or earlier
IBM Aspera faspex on Demand 3.6.0 or earlier
IBM Aspera Server on Demand 3.6.0 or earlier
IBM Aspera Application Platform on Demand 3.6.0 or earlier
IBM Aspera Azure on Demand 3.5.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BmTzOy
X-Force Database: http://ift.tt/1Tg5wqO
X-Force Database: http://ift.tt/1N2N4p3
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1Tg5v6h

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j42m1h

IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application

There are multiple vulnerabilities with PCRE’s earlier versions which was used by IBM Aspera Shares Application.

CVE(s): CVE-2015-8380, CVE-2015-8381, CVE-2015-8382, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8393, CVE-2015-8394, CVE-2015-8395

Affected product(s) and affected version(s):

IBM Aspera Shares Application 1.9.2 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j4VSz5
X-Force Database: http://ift.tt/1OkXBfB
X-Force Database: http://ift.tt/2eD1myW
X-Force Database: http://ift.tt/24O3Mgh
X-Force Database: http://ift.tt/1OkXBfD
X-Force Database: http://ift.tt/2f1Hisw
X-Force Database: http://ift.tt/2akVqbx
X-Force Database: http://ift.tt/24O3JkA
X-Force Database: http://ift.tt/24O3JkC
X-Force Database: http://ift.tt/1OkXBfJ
X-Force Database: http://ift.tt/24O3LZZ
X-Force Database: http://ift.tt/1OkXBfx
X-Force Database: http://ift.tt/24O3Jkw
X-Force Database: http://ift.tt/1OkXDEb
X-Force Database: http://ift.tt/24O3Mgf
X-Force Database: http://ift.tt/1OkXBfH
X-Force Database: http://ift.tt/2eD5cbb

The post IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BmTytY

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 …

OpenSSL vulnerabilities were disclosed on September 22, 2016 by the OpenSSL Project. OpenSSL is used by IBM IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client, IBM Aspera Faspstream, IBM Aspera Cargo, and IBM Aspera Sync. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-2181, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.2 or earlier
IBM Aspera Connect for Web Access 3.6.2 or earlier
IBM Aspera Desktop Client 3.6.2 or earlier
IBM Aspera Point to Point Client 3.6.2 or earlier
IBM Aspera Cargo 1.5.0 or earlier
IBM Aspera Faspstream 3.7.0 or earlier
IBM Aspera Sync 3.5.3 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Bp6HTz
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 … appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j3eMq2

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares (CVE-2016-6304, CVE-2016-2177, …)

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares has addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-6308, CVE-2016-2181, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Aspera Orchestrator 2.6.0 or earlier
IBM Aspera Virtural Catcher 2.4.4 or earlier
IBM Aspera Faspex 4.0.1 or earlier
IBM Aspera Shares 1.9.4 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BnY2AK
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmYa8Y
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares (CVE-2016-6304, CVE-2016-2177, …) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BoUyxV

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-2107, CVE-2016-2106, CVE-2016-2176)

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Cluster Manager, IBM Aspera faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application Platform on Demand, and IBM Aspera Azure on Demand. The named on demand applications referenced above have addressed the applicable CVEs.

CVE(s): CVE-2016-2107, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176

Affected product(s) and affected version(s):

IBM Aspera Transfer Clustered Manager 3.6.0 or earlier
IBM Aspera faspex on Demand 3.6.0 or earlier
IBM Aspera Server on Demand 3.6.0 or earlier
IBM Aspera Application Platform on Demand 3.6.0 or earlier
IBM Aspera Azure on Demand 3.5.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Boj1mT
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-2107, CVE-2016-2106, CVE-2016-2176) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BnXQ4u

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin (CVE-2016-2106, CVE-2016-2109, CVE-2016-2176)

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-2106, CVE-2016-2109, CVE-2016-2176

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.0 or earlier
IBM Aspera Connect for Web Access 3.6.0 or earlier
IBM Aspera Desktop Client 3.6.0 or earlier
IBM Aspera Point to Point Client 3.6.0 or earlier
IBM Aspera Connect Browser Plug in 3.6.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j6aiPJ
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin (CVE-2016-2106, CVE-2016-2109, CVE-2016-2176) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j2LVC7

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702)

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Clustered Manager, IBM Aspera faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application Platform on Demand, and IBM Aspera Azure on Demand. The named applications referenced above have addressed the applicable CVEs.

CVE(s): CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0702

Affected product(s) and affected version(s):

IBM Aspera Transfer Clustered Manager 3.6.0 or earlier
IBM Aspera faspex on Demand 3.6.0 or earlier
IBM Aspera Server on Demand 3.6.0 or earlier
IBM Aspera Application Platform on Demand 3.6.0 or earlier
IBM Aspera Azure on Demand 3.5.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BmTzOy
X-Force Database: http://ift.tt/1Tg5wqO
X-Force Database: http://ift.tt/1N2N4p3
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1Tg5v6h

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j42m1h

IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application

There are multiple vulnerabilities with PCRE’s earlier versions which was used by IBM Aspera Shares Application.

CVE(s): CVE-2015-8380, CVE-2015-8381, CVE-2015-8382, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8393, CVE-2015-8394, CVE-2015-8395

Affected product(s) and affected version(s):

IBM Aspera Shares Application 1.9.2 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j4VSz5
X-Force Database: http://ift.tt/1OkXBfB
X-Force Database: http://ift.tt/2eD1myW
X-Force Database: http://ift.tt/24O3Mgh
X-Force Database: http://ift.tt/1OkXBfD
X-Force Database: http://ift.tt/2f1Hisw
X-Force Database: http://ift.tt/2akVqbx
X-Force Database: http://ift.tt/24O3JkA
X-Force Database: http://ift.tt/24O3JkC
X-Force Database: http://ift.tt/1OkXBfJ
X-Force Database: http://ift.tt/24O3LZZ
X-Force Database: http://ift.tt/1OkXBfx
X-Force Database: http://ift.tt/24O3Jkw
X-Force Database: http://ift.tt/1OkXDEb
X-Force Database: http://ift.tt/24O3Mgf
X-Force Database: http://ift.tt/1OkXBfH
X-Force Database: http://ift.tt/2eD5cbb

The post IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BmTytY

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 …

OpenSSL vulnerabilities were disclosed on September 22, 2016 by the OpenSSL Project. OpenSSL is used by IBM IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client, IBM Aspera Faspstream, IBM Aspera Cargo, and IBM Aspera Sync. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-2181, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.2 or earlier
IBM Aspera Connect for Web Access 3.6.2 or earlier
IBM Aspera Desktop Client 3.6.2 or earlier
IBM Aspera Point to Point Client 3.6.2 or earlier
IBM Aspera Cargo 1.5.0 or earlier
IBM Aspera Faspstream 3.7.0 or earlier
IBM Aspera Sync 3.5.3 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Bp6HTz
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 … appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j3eMq2

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares (CVE-2016-6304, CVE-2016-2177, …)

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares has addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-6308, CVE-2016-2181, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Aspera Orchestrator 2.6.0 or earlier
IBM Aspera Virtural Catcher 2.4.4 or earlier
IBM Aspera Faspex 4.0.1 or earlier
IBM Aspera Shares 1.9.4 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BnY2AK
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmYa8Y
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares (CVE-2016-6304, CVE-2016-2177, …) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BoUyxV

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-2107, CVE-2016-2106, CVE-2016-2176)

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Cluster Manager, IBM Aspera faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application Platform on Demand, and IBM Aspera Azure on Demand. The named on demand applications referenced above have addressed the applicable CVEs.

CVE(s): CVE-2016-2107, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176

Affected product(s) and affected version(s):

IBM Aspera Transfer Clustered Manager 3.6.0 or earlier
IBM Aspera faspex on Demand 3.6.0 or earlier
IBM Aspera Server on Demand 3.6.0 or earlier
IBM Aspera Application Platform on Demand 3.6.0 or earlier
IBM Aspera Azure on Demand 3.5.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Boj1mT
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-2107, CVE-2016-2106, CVE-2016-2176) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BnXQ4u

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin (CVE-2016-2106, CVE-2016-2109, CVE-2016-2176)

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin. The above mentioned products have addressed the applicable CVEs.

CVE(s): CVE-2016-2106, CVE-2016-2109, CVE-2016-2176

Affected product(s) and affected version(s):

IBM Aspera Enterprise Server 3.6.0 or earlier
IBM Aspera Connect for Web Access 3.6.0 or earlier
IBM Aspera Desktop Client 3.6.0 or earlier
IBM Aspera Point to Point Client 3.6.0 or earlier
IBM Aspera Connect Browser Plug in 3.6.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2j6aiPJ
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin (CVE-2016-2106, CVE-2016-2109, CVE-2016-2176) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j2LVC7

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702)

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Clustered Manager, IBM Aspera faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application Platform on Demand, and IBM Aspera Azure on Demand. The named applications referenced above have addressed the applicable CVEs.

CVE(s): CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0702

Affected product(s) and affected version(s):

IBM Aspera Transfer Clustered Manager 3.6.0 or earlier
IBM Aspera faspex on Demand 3.6.0 or earlier
IBM Aspera Server on Demand 3.6.0 or earlier
IBM Aspera Application Platform on Demand 3.6.0 or earlier
IBM Aspera Azure on Demand 3.5.6 or earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BmTzOy
X-Force Database: http://ift.tt/1Tg5wqO
X-Force Database: http://ift.tt/1N2N4p3
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1Tg5v6h

The post IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, & CVE-2016-0702) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2j42m1h