IBM Security Access Manager Appliance has addressed the following vulnerabilities.

CVEID: CVE-2017-6464
DESCRIPTION: NTP is vulnerable to a denial of service. A remote authenticated attacker could exploit this vulnerability using a malformed mode configuration directive to cause the application to crash.
CVSS Base Score: 4.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123610> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6463
DESCRIPTION: NTP is vulnerable to a denial of service. By sending an invalid setting, a remote authenticated attacker could exploit this vulnerability using the :config directive to cause the daemon to crash.
CVSS Base Score: 4.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123612> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6462
DESCRIPTION: NTP is vulnerable to a denial of service, caused by a buffer overflow in the legacy Datum Programmable Time Server refclock driver. By sending specially crafted packets, a local authenticated attacker could exploit this vulnerability to overflow a buffer and cause a denial of service.
CVSS Base Score: 1.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123611> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)

Affected IBM Security Access Manager Appliance | Affected Versions
---|---
IBM Security Access Manager for Web | 7.0 - 7.0.0.33
IBM Security Access Manager for Web | 8.0 - 8.0.1.7
IBM Security Access Manager for Mobile | 8.0 - 8.0.1.7
IBM Security Access Manager | 9.0 - 9.0.5.0
The table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch.
Product | VRMF | APAR | Remediation |
---|---|---|---|
IBM Security Access Manager for Web | 7.0 - 7.0.0.32 (appliance) | IJ03473 | Apply Interim Fix 34: 7.0.0-ISS-WGA-IF0034 |
IBM Security Access Manager for Web | 8.0.0.0 - 8.0.1.7 | IJ03471 | 1. For versions prior to 8.0.1.7, upgrade to 8.0.1.7: 8.0.1-ISS-WGA-FP0007<br>2. Apply 8.0.1.7 IF1: 8.0.1.7-ISS-WGA-IF0001 |
IBM Security Access Manager for Mobile | 8.0.0.0 - 8.0.1.7 | IJ03472 | 1. For versions prior to 8.0.1.7, upgrade to 8.0.1.7: 8.0.1-ISS-ISAM-FP0007<br>2. Apply 8.0.1.7 IF 1: 8.0.1.7-ISS-ISAM-IF0001 |
IBM Security Access Manager | 9.0 - 9.0.5.0 | IJ03471 | 1. For versions prior to 9.0.5.0, upgrade to 9.0.5.0:<br>2. Upgrade to 9.0.5.0 IF 1: 9.0.5.0-ISS-ISAM-IF0001 |
None.