IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

Vulnerabilities in the Apache Tomcat component affect the product’s management GUI. The CLI interface is unaffected. The applicable CVEs are CVE-2016-5385 CVE-2016-5386 CVE-2016-5387 CVE-2016-5388.

CVE(s): CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388

Affected product(s) and affected version(s):

IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V5000
IBM Storwize V3700
IBM Storwize V3500
IBM FlashSystem V9000

All products are affected when running supported releases 1.1 to 7.7.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gQ7oMo
X-Force Database: http://ift.tt/2dv9pkb
X-Force Database: http://ift.tt/2gQayjk
X-Force Database: http://ift.tt/2aO8XMj
X-Force Database: http://ift.tt/2dTp7zH



from IBM Product Security Incident Response Team http://ift.tt/2h2t5fe