Thursday, April 19, 2018

IBM Security Bulletin: OpenSSL Vulnerability affects IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Unix (CVE-2017-3737)

Apr 19, 2018 9:01 am EDT

Categorized: Medium Severity

Share this post:

OpenSSL vulnerabilities were disclosed on December 7, 2017 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Unix, has addressed the applicable CVE.

CVE(s): CVE-2017-3737

Affected product(s) and affected version(s):

The following IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) components and levels are affected by OpenSSL vulnerabilities when used with a DS8000, SVC, NetApp, or IBM N-series storage device:

  • IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Unix and Linux
  • IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for DB2
  • IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Oracle
  • IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Oracle with SAP environments
  • IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Custom Applications

The above components are affected at these levels:

  • 8.1.0.0 through 8.1.4.0
  • 4.1.0.0 through 4.1.6.1 (AIX and Linux)
  • 4.1.0.0 through 4.1.1.5 (HP_UX and Solaris)
  • 3.2 and below all levels – these releases are EOS

IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) is vulnerable only when it initiates and maintains a communication session with a DS8000, SVC, NetApp, or IBM N-series storage device. The vulnerability does not exist during communication sessions with other types of storage devices or when an external program attempts to initiate an OpenSSL session with IBM Spectrum Protect Snapshot.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22013612
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077



from IBM Product Security Incident Response Team https://ift.tt/2JWNqxE
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)