High Severity

IBM Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models V840 and V9000

Share this post:

There are vulnerabilities in Java to which the IBM FlashSystem™ V840 and FlashSystem V9000 are susceptible (CVE-2017-18017 and CVE-2017-17449). An exploit of CVE-2017-18017 could allow a remote attacker to cause a denial of service condition. An exploit of CVE-2017-17449 could allow an attacker to obtain sensitive information.

CVE(s): CVE-2017-18017, CVE-2017-17449

Affected product(s) and affected version(s):

Storage Node machine type and models (MTMs) affected:

  • 9846-AE1 and 9848-AE1
  • 9846-AE2 and 9848-AE2
  • 9846-AE3 and 9848-AE3

Controller Node MTMs affected:

  • 9846-AC0 and 9848-AC0
  • 9846-AC1 and 9848-AC1
  • 9846-AC2 and 9848-AC2
  • 9846-AC3 and 9848-AC3

Supported storage node code versions which are affected

  • VRMFs prior to 1.4.8.2
  • VRMFs prior to 1.5.2.5
  • VRMFs prior to 1.6.1.0

Supported controller node code versions which are affected
· VRMFs prior to 7.8.1.8
· VRMFs prior to 8.1.3.3
· VRMFs prior to 8.2.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10957179
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137122
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136106

More stories

IBM Security Bulletin: Remote Execution Vulnerability Affects Red Hat Linux Used By IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter (CVE-2019-12735)

Aug 23, 2019 9:01 am EDT | High Severity

There is a security vulnerability that affects Red Hat Linux used by IBM WebSphere Application Server in the IBM Cloud. CVE(s): CVE-2019-12735 Affected product(s) and affected version(s): These vulnerabilities affect the following versions and releases of IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter: 2.0 3.0 Refer to the following reference URLs for ...read more


IBM Security Bulletin: IBM Security Access Manager for Enterprise Single-Sign On is affected by an XML External Entity Injection (XXE) vulnerability (CVE-2019-4513)

Aug 22, 2019 9:01 am EDT | High Severity

IBM Security Access Manager for Enterprise Single-Sign On has addressed the following vulnerability: XML External Entity Injection (XXE) attack when processing XML data. CVE(s): CVE-2019-4513 Affected product(s) and affected version(s):IBM Security Access Manager for Enterprise Single-Sign On 8.2.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10996716X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/164555 ...read more


IBM Security Bulletin: This Power System update is being released to address CVE-2019-4169

Aug 22, 2019 9:01 am EDT | High Severity

POWER9: In response to an IPMI implementation error, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2019-4169. CVE(s): CVE-2019-4169 Affected product(s) and affected version(s):P9 OpenPOWER releases OP910 and OP920 are affected. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10881209X-Force ...read more