High Severity

IBM Security Bulletin: IBM Cisco MDS Series Switches DCNM is affected by unauthenticated, remote attacker vulnerability (CVE-2017-6639, CVE-2017-6640).

IBM Cisco MDS Series Switches has addressed the following vulnerabilities.

A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges.

A vulnerability in the role-based access control (RBAC) functionality of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system.

CVE(s): CVE-2017-6639, CVE-2017-6640

Affected product(s) and affected version(s):

Affected IBM Cisco DCNM Software | Affected Versions
DCNM | 10.1(1)
DCNM | 10.1(2)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1010329
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/126891
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/126918
