High Severity

IBM Security Bulletin: IBM Cisco MDS Series Switches DCNM is affected by unauthenticated, remote attacker vulnerability (CVE-2017-6639, CVE-2017-6640).

Share this post:

IBM Cisco MDS Series Switches has addressed the following vulnerabilities. A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. A vulnerability in the role-based access control (RBAC) functionality of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system.

CVE(s): CVE-2017-6639, CVE-2017-6640

Affected product(s) and affected version(s):

Affected IBM Cisco DCNM Software Affected Versions
DCNM 10.1(1)
DCNM 10.1(2)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1010329
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/126891
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/126918

More stories

IBM Security Bulletin: Multiple Vulnerabilities in Samba affect IBM i

Sep 18, 2018 9:01 am EDT | High Severity

Samba is supported on IBM i. IBM i has addressed the applicable CVEs. CVE(s): CVE-2018-10918, CVE-2018-1139, CVE-2018-10919, CVE-2018-10858, CVE-2018-1140 Affected product(s) and affected version(s): Releases 7.2 and 7.3 of IBM are affected. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10730345X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148709X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148707X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148708X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148710X-Force Database: ...read more


IBM Security Bulletin: IBM Connections Security Refresh for Apache Struts Remote Code Execution (RCE) Vulnerability (CVE-2018-11776)

Sep 18, 2018 9:01 am EDT | High Severity

Certain versions of Apache Struts 2 Framework are vulnerable to RCE attacks. IBM Connections uses Apache Struts 2, see details below for remediation information. CVE(s): CVE-2018-11776 Affected product(s) and affected version(s): The following versions of IBM Connections are impacted: IBM Connections 6.0 IBM Connections 5.5 IBM Connections 5.0 Refer to the following reference URLs for ...read more


IBM Security Bulletin: Vulnerabilities in cURL/libcURL affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru

Sep 18, 2018 9:00 am EDT | High Severity

The following vulnerabilities in cURL/libcURL have been addressed by IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru. CVE(s): CVE-2018-1000007, CVE-2018-1000005 Affected product(s) and affected version(s): Product Affected Version IBM Flex System FC3171 8Gb SAN Switch and IBM Flex System FC3171 8Gb SAN Pass-thru Firmware Update 9.1 Refer to the following reference URLs for ...read more