System x & Flex

2013 IBM® SDK, Java™ Technology Edition Vulnerabilities

Apr 25, 2016 5:34 pm EDT

Recent media articles have mentioned that a patch released by IBM in 2013 for a vulnerability in its IBM® SDK, Java™ Technology Edition implementation can be bypassed. IBM is aware of the vulnerability and is working to address the issue. ...read more


IBM Applicable countries and regions

Apr 22, 2016 8:23 pm EDT

OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface. IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) have addressed the applicable CVEs. CVE(s):CVE-2015-1789, CVE-2015-1790, CVE-2015-1792 Affected product(s) and affected version(s): System Affected Version ...read more


Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module

Apr 15, 2016 11:29 pm EDT

The following curl, glibc, php and OpenSSL vulnerabilities, as well as MD5 “SLOTH” vulnerability on TLS 1.2, affect IBM Flex System Chassis Management Module. CVE(s):CVE-2015-7575, CVE-2015-3194, CVE-2015-3195, CVE-2015-3143, CVE-2015-3148, CVE-2015-3153, CVE-2015-1781, CVE-2014-8121, CVE-2013-2207, CVE-2015-4026, CVE-2015-4598, CVE-2015-4599, CVE-2015-3411, CVE-2015-3412, CVE-2015-4024, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, CVE-2014-9709, CVE-2015-0232, CVE-2015-2305, CVE-2015-2787, CVE-2015-4022 and CVE-2015-4148 Affected product(s) and affected version(s): ...read more


Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Chassis Management Module (CMM)

Apr 7, 2016 5:58 pm EDT

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Flex System Chassis Management Module. IBM Flex System Chassis Management Module has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption” vulnerability. CVE(s):CVE-2016-0800, CVE-2016-0705, CVE-2016-0799 and CVE-2015-3197 Affected product(s) and affected version(s): Product ...read more


Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Chassis Management Module (CVE-2016-0777, CVE-2016-0778)

Apr 7, 2016 5:58 pm EDT

An information leak flaw and buffer overflow flaw in the way the OpenSSH client roaming feature was implemented affects IBM Flex System Chassis Management Module (CMM). CVE(s):CVE-2016-0777 and CVE-2016-0778 Affected product(s) and affected version(s): Product Affected Version IBM Flex System Chassis Management Module (CMM) 2PET Refer to the following reference URLs for remediation and additional ...read more


Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module

Apr 7, 2016 5:58 pm EDT

The switch firmware deliverables listed below have addressed the applicable NTP CVEs. CVE(s):CVE-2015-7855, CVE-2015-7871, CVE-2015-7692, CVE-2015-7691, CVE-2015-7701, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848 and CVE-2015-7849 Affected product(s) and affected version(s): Product Affected Version IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware 9.1 QLogic 8Gb Intelligent Pass-thru Module & SAN ...read more


Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module

Apr 7, 2016 5:58 pm EDT

The following curl, glibc, php and OpenSSL vulnerabilities, as well as MD5 “SLOTH” vulnerability on TLS 1.2, affect IBM Flex System Chassis Management Module. CVE(s):CVE-2015-7575, CVE-2015-3194, CVE-2015-3195, CVE-2015-3143, CVE-2015-3148, CVE-2015-3153, CVE-2015-1781, CVE-2014-8121, CVE-2013-2207, CVE-2015-4026, CVE-2015-4598, CVE-2015-4599, CVE-2015-3411, CVE-2015-3412, CVE-2015-4024, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, CVE-2014-9709, CVE-2015-0232, CVE-2015-2305, CVE-2015-2787, CVE-2015-4022 and CVE-2015-4148 Affected product(s) and affected version(s): ...read more


Security Bulletin: Vulnerabilities in NTP and GNU C Library (glibc) affect IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware

Apr 6, 2016 3:28 pm EDT

IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware has addressed the following vulnerabilities in NTP and GNU C Library (glibc). CVE(s):CVE-2014-8121, CVE-2015-1781, CVE-2015-7855, CVE-2015-7853, CVE-2015-7692 and CVE-2015-7871 Affected product(s) and affected version(s): Product Affected Version IBM FLEX System EN6131 40Gb Ethernet & IB6131 8 Gb Infiniband Switch Firmware 3.2-3.4 Refer to ...read more


Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Management Module (IMM) (CVE-2015-3195)

Apr 5, 2016 6:05 pm EDT

IBM Integrated Management Module (IMM) has addressed the following vulnerability in OpenSSL. CVE(s):CVE-2015-3195 Affected product(s) and affected version(s): Product Affected Version IBM Integrated Management Module (IMM) YUOO Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099277 X-Force Database: http://exchange.xforce.ibmcloud.com/vulnerabilities/108504 ...read more