IBM Security Bulletin: IBM Systems Director (ISD) Storage Control is affected by vulnerabilities in IBM Websphere Application Server (WAS), OpenSSL and IBM Java Runtime.
There are vulnerabilities addressed in IBM WAS, IBM Runtime Environment Java™Technology Edition, and OpenSSL that are used by ISD Storage Control. The Java issues were disclosed as part of the IBM Java updates for January 2017.
CVE(s): CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-8919
Affected product(s) and affected version(s):
From the IBM Systems Director command line enter smcli lsver to determine the level of IBM Systems Director installed.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2pxDJuw
X-Force Database: http://ift.tt/2dR3VyC
X-Force Database: http://ift.tt/2lA4akm
X-Force Database: http://ift.tt/2lAx183
X-Force Database: http://ift.tt/2msD77U
X-Force Database: http://ift.tt/2msBF5I
X-Force Database: http://ift.tt/2iIIHRy
The post IBM Security Bulletin: IBM Systems Director (ISD) Storage Control is affected by vulnerabilities in IBM Websphere Application Server (WAS), OpenSSL and IBM Java Runtime. appeared first on IBM PSIRT Blog.
| Affected Product and Version(s) | Product and Version shipped as a component |
| IBM System Director Storage Control 4.2.6 | IBM Systems Director 6.3.5 |
| IBM System Director Storage Control 4.2.7 | IBM Systems Director 6.3.6 |
| IBM System Director Storage Control 4.2.8 | IBM Systems Director 6.3.7 |
from IBM Product Security Incident Response Team http://ift.tt/2ovC3E7