Low Severity

IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2018-0737)


There is a vulnerability in OpenSSL used by AIX.

CVE(s): CVE-2018-0737

Affected product(s) and affected version(s):

AIX 5.3, 6.1, 7.1, 7.2
VIOS 2.2.x

The following fileset levels are vulnerable:

key_fileset = osrcaix

Fileset        Lower Level      Upper Level      KEY
---------------------------------------------------------
openssl.base   1.0.2.500        1.0.2.1300       key_w_fs
openssl.base   20.13.102.1000   20.13.102.1300   key_w_fs

Note:
A. OpenSSL versions 0.9.8 and 1.0.1 are out of support. Customers are advised to upgrade to the currently supported OpenSSL 1.0.2 version.
B. The latest level of the OpenSSL fileset is available from the web download site:

https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=openssl&cp=UTF-8

To find out whether the affected filesets are installed on your systems, refer to the lslpp command found in the AIX user’s guide.

Example: lslpp -L | grep -i openssl.base
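
The check above can be automated by comparing each installed openssl.base level against the two ranges in the fileset table. The following script is an added example, not part of the IBM bulletin; the function names are hypothetical, and it assumes the range bounds are inclusive and that the level is the second column of `lslpp -L` output.

```sh
#!/bin/sh
# Added example (not from the bulletin): flag openssl.base levels inside the listed ranges.

# Lower:upper pairs copied from the bulletin's fileset table.
# Assumption: both bounds are inclusive.
RANGES="1.0.2.500:1.0.2.1300 20.13.102.1000:20.13.102.1300"

# ver_le A B: succeed when dotted level A <= B, comparing field by field as numbers.
ver_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }' </dev/null
}

# is_vulnerable_level LEVEL: succeed when LEVEL lies inside any listed range.
is_vulnerable_level() {
    for r in $RANGES; do
        lo=${r%%:*}; hi=${r##*:}
        if ver_le "$lo" "$1" && ver_le "$1" "$hi"; then return 0; fi
    done
    return 1
}

# check_lslpp: read `lslpp -L` rows on stdin, print one verdict per openssl.base row.
check_lslpp() {
    awk '$1 == "openssl.base" { print $2 }' | while read -r level; do
        if is_vulnerable_level "$level"; then
            echo "openssl.base $level VULNERABLE"
        else
            echo "openssl.base $level outside listed ranges"
        fi
    done
}

# Constructed sample rows in `lslpp -L` layout (levels are made up for illustration).
# On an AIX host, run instead: lslpp -L | check_lslpp
check_lslpp <<'EOF'
  openssl.base    1.0.2.1100        C    F    Open Secure Socket Layer
  openssl.base    20.13.102.1500    C    F    Open Secure Socket Layer
EOF
```

A plain string comparison would misorder levels such as 1.0.2.500 and 1.0.2.1300, which is why each dotted field is compared numerically.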

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10713441
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141679
