A security vulnerability has been discovered in sqlite that is embedded in the IBM FSM. This bulletin addresses this vulnerability.
CVEID: CVE-2016-6153**
DESCRIPTION:** SQLite could allow a local attacker to gain elevated privileges on the system, caused by the creation of temporary files in directory with insecure permissions. An attacker could exploit this vulnerability to obtain leaked data.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114715 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Flex System Manager 1.3.4.x
Flex System Manager 1.3.3.x
Flex System Manager 1.3.2.x
IBM recommends updating the FSM using the instructions referenced in this table.
Product |
VRMF |
APAR |
Remediation
—|—|—|—
Flex System Manager|
1.3.4.x |
IT17534
| Install fsmfix1.3.4.0_IT17534_IT17536_IT17537_IT17653
Flex System Manager|
1.3.3.x |
IT17534
| Install fsmfix1.3.3.0_IT17534_IT17536_IT17537_IT17653
Flex System Manager|
1.3.2.x |
IT17534
| Install fsmfix1.3.2.0_IT17534_IT17536_IT17537_IT17653
For a complete list of FSM security bulletins refer to this technote: http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex--NULL--E
For 1.1.x.x, 1.2.x.x, 1.3.0.x and 1.3.1.x IBM recommends upgrading to a fixed, supported version/release of the product.
None