Medium Severity

IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2016-8858, CVE-2016-10009, CVE-2016-10011, CVE-2016-10012)

Vulnerabilities in OpenSSH affect AIX.

CVE(s): CVE-2016-8858, CVE-2016-10009, CVE-2016-10011, CVE-2016-10012

Affected product(s) and affected version(s):

        AIX 5.3, 6.1, 7.1, 7.2
        VIOS 2.2.x
        
        The following fileset levels are vulnerable:
        
        key_fileset = osrcaix
        
        Fileset                 Lower Level   Upper Level    KEY
        -------------------------------------------------------------
        openssh.base.client     4.0.0.5200    6.0.0.6203     key_w_fs
        openssh.base.server     4.0.0.5200    6.0.0.6203     key_w_fs
   
        Note:  To determine if your system is vulnerable, execute the
        following commands:

            lslpp -L | grep -i openssh.base.client
            lslpp -L | grep -i openssh.base.server
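
The range check above can be scripted so that the installed level is compared numerically, field by field, against the bulletin's Lower Level and Upper Level. This is an added example, not part of the IBM bulletin; it assumes both bounds are inclusive, and the function names and the sample `lslpp -L` lines are constructed for illustration.

```shell
#!/bin/sh
# Bounds copied from the bulletin's fileset table (assumed inclusive).
LOWER=4.0.0.5200
UPPER=6.0.0.6203

# level_le A B: succeed when dotted level A <= B, comparing each field as a number.
# A plain string compare would wrongly rank 6.0.0.10000 below 6.0.0.6203.
level_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }' < /dev/null
}

# in_vulnerable_range LEVEL: succeed when LOWER <= LEVEL <= UPPER.
in_vulnerable_range() {
    level_le "$LOWER" "$1" && level_le "$1" "$UPPER"
}

# check_filesets: read `lslpp -L` output on stdin, print a verdict per fileset.
check_filesets() {
    awk '$1 ~ /^openssh\.base\.(client|server)$/ { print $1, $2 }' |
    while read -r fileset level; do
        if in_vulnerable_range "$level"; then
            echo "VULNERABLE $fileset $level"
        else
            echo "ok $fileset $level"
        fi
    done
}

# Constructed sample in the shape of `lslpp -L` output (not from a real host).
sample_lslpp() {
    cat <<'EOF'
  Fileset                      Level  State  Type  Description
  openssh.base.client     6.0.0.6203    C     F    Open Secure Shell Commands
  openssh.base.server    6.0.0.10000    C     F    Open Secure Shell Server
EOF
}

# On AIX use the real inventory; elsewhere fall back to the constructed sample.
if command -v lslpp >/dev/null 2>&1; then
    lslpp -L 2>/dev/null | check_filesets
else
    sample_lslpp | check_filesets
fi
```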

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc
X-Force Database: http://exchange.xforce.ibmcloud.com/vulnerabilities/118127
X-Force Database: http://exchange.xforce.ibmcloud.com/vulnerabilities/119828
X-Force Database: http://exchange.xforce.ibmcloud.com/vulnerabilities/119830
X-Force Database: http://exchange.xforce.ibmcloud.com/vulnerabilities/119831
