IBM Security Bulletin: Multiple vulnerabilities in GSKit affect IBM Workload Scheduler

GSKit is used by IBM Workload Manager and is affected by some OpenSSL vulnerabilities. IBM Workload Manager has addressed the applicable CVEs by using an updated version of the GSKit libraries.

CVE(s): CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426, CVE-2016-0702

Affected product(s) and affected version(s):

TWS uses GSKit only for secure communication between internal processes.
For Tivoli Workload Scheduler Distributed, TWS nodes are impacted by these security exposures only if the TWS workstation has been defined with “securitylevel” set to on, enabled, or force, and GSKit has been explicitly enabled.
Furthermore, the vulnerability also applies to Dynamic Agents and zCentric agents.
The security exposures apply to the following versions:
Tivoli Workload Scheduler Distributed 8.6.0 FP04 and earlier
Tivoli Workload Scheduler Distributed 9.1.0 FP02 and earlier
Tivoli Workload Scheduler Distributed 9.2.0 FP02 and earlier
IBM Workload Scheduler Distributed 9.3.0 FP03 and earlier
IBM Workload Scheduler Distributed 9.4.0 FP03 and earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10717133
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111140
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121313
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139073
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139072
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139071
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111144



from IBM Product Security Incident Response Team https://ift.tt/2Jp3ZRk