IBM Security Bulletin: A vulnerability in OpenSSL affects the IBM FlashSystem models 840 and 900 (CVE-2016-2107)

There is a vulnerability in open source OpenSSL to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote user with the ability to conduct a man-in-the-middle attack to decrypt traffic.

CVE(s): CVE-2016-2107

Affected product(s) and affected version(s):

FlashSystem 840 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE1 and 9843-AE1.

FlashSystem 900 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE2 and 9843-AE2.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2c9VL2K
X-Force Database: http://ift.tt/1NwOQz5



from IBM Product Security Incident Response Team http://ift.tt/2c9XBjQ