IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Unified Extensible Firmware Interface (UEFI) (CVE-2017-3735 CVE-2017-3736)
IBM Unified Extensible Firmware Interface (UEFI) has addressed the following vulnerabilities in OpenSSL.
CVE(s): CVE-2017-3735, CVE-2017-3736
Affected product(s) and affected version(s):
| System Name | Affected Version |
|---|---|
| BladeCenter HS23 7875/1929 | tke1 |
| BladeCenter HS23E 8038/8039 | ahe1 |
| Flex System x220 2585/7906 | kse1 |
| Flex System x222 7916 | cce1 |
| Flex System x240 7863/8737/8738/8956 | b2e1 |
| Flex System x280, x480, x880 7903 | n2e1 |
| Flex System x440 7917 | cne1 |
| System x iDataPlex dx360 M4 7912/7913 | tde1 |
| System x NeXtScale nx360 M4 5455 | fhe1 |
| System x3100 M5 5457 | j9e1 |
| System x3250 M5 5458 | jue1 |
| System x3300 M4 7382 | yae1 |
| System x3500 M4 7383 | y5e1 |
| System x3550 M4 7914 | d7e1 |
| System x3630 M4 7158 System x3530 M4 7160 | bee1 |
| System x3650 M4 7915 System x3650 M4 HD 5460 | vve1 |
| System x3650 M4 BD 5466 | yoe1 |
| System x3750 M4 8718/8722/8733/8752 | koe1 |
| System x3850 x6 3837/3839 System x3950 x6 3839 | a8e1 |
Note: The following systems are not affected by this vulnerability.
| System x3100 M4 2582 System x3250 M4 2583 | jqe1 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099792
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/131047
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397
The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Unified Extensible Firmware Interface (UEFI) (CVE-2017-3735 CVE-2017-3736) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2ppputy