IBM Security Bulletin: OpenSSL Vulnerability affects IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware (CVE-2017-3737)

OpenSSL vulnerabilities were disclosed on December 7, 2017 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware, has addressed the applicable CVE.

CVE(s): CVE-2017-3737

Affected product(s) and affected version(s):

The following IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) components and levels are affected by OpenSSL vulnerabilities when used with a DS8000, SVC, NetApp, or IBM N-series storage device:

IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware at these levels:
– 4.1.0.0 through 4.1.6.3
– 3.2 and below all levels – these releases are EOS

IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) is vulnerable only when it initiates and maintains a communication session with a DS8000, SVC, NetApp, or IBM N-series storage device. The vulnerability does not exist during communication sessions with other types of storage devices or when an external program attempts to initiate an OpenSSL session with IBM Spectrum Protect Snapshot.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22013665
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077

The post IBM Security Bulletin: OpenSSL Vulnerability affects IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware (CVE-2017-3737) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2o9m1OP