Multiple N series products utilize the TLS protocol. Any system using the TLS protocol with 64-bit block ciphers that are used in long running connections are vulnerable to a birthday attack referred to as SWEET32. When exploited, the vulnerability may lead to the unauthorized disclosure of information. Multiple N series Products have addressed the applicable CVE.
CVE(s): CVE-2016-2183
Affected product(s) and affected version(s):
Data ONTAP operating in 7-Mode: 8.2.1, 8.2.2, 8.2.3, 8.2.4;
N series Snap Creator Framework: 4.3;
N series System Setup: 1.2, 2.3;
SnapDrive for Unix: 5.3;
SnapDrive for Windows: 7.1.1, 7.1.2, 7.1.3;
Virtual Storage Console for VMware vSphere: 6.2;
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011817
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/116337
The post IBM Security Bulletin:TLS Protocol 64-bit Cipher Vulnerability in Multiple N series Products (CVE-2016-2183) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2nzsfav
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.