Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM84340B9B79945C0D8BFF899DFFC54747A275A308F2F5601FE06D199E6071FEAA
HistoryJan 31, 2019 - 2:25 a.m.

Security Bulletin: Vulnerabilities in libxml2 affect IBM RackSwitch Products

2019-01-3102:25:02
www.ibm.com
12

0.341 Low

EPSS

Percentile

97.1%

JSON

Summary

IBM RackSwitch Products have addressed the following vulnerabilities in libxml2.

Vulnerability Details

Summary

IBM RackSwitch Products have addressed the following vulnerabilities in libxml2.

Vulnerability Details:

CVEID: CVE-2017-7376

Description: libxml2 is vulnerable to a denial of service, caused by the incorrect limit used when calculating the port value in xmlParse3986Port function. An attacker could exploit this vulnerability to cause a denial of service.

CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/128276&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-7375

Description: libxml2 could allow a remote attacker to obtain sensitive information, caused by missing validation for external entities in xmlParsePEReference. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.

CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/128275&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L)

CVEID: CVE-2017-0663

Description: Google Android could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in libxml2. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code within the context of an unprivileged process.

CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127292&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Product Affected Version
IBM RackSwitch G8052 7.11
IBM RackSwitch G8124/G8124E 7.11
IBM RackSwitch G8264 7.11
IBM RackSwitch G8264CS 7.8
IBM RackSwitch G8264T 7.9
IBM RackSwitch G8316 7.9
IBM RackSwitch G8332 7.7

Remediation/Fixes:

Firmware fix versions are available on Fix Central:
<http://www.ibm.com/support/fixcentral/&gt;.

Product Fix Version
IBM RackSwitch G8052 (G8052_Image_7.11.11.0) 7.11.11.0
IBM RackSwitch G8124/G8124E (G8124_G8124E_Image_7.11.11.0) 7.11.11.0
IBM RackSwitch G8264 (G8264_Image_7.11.11.0) 7.11.11.0
IBM RackSwitch G8264CS (G8264CS_Image_7.8.18.0) 7.8.18.0
IBM RackSwitch G8264T (G8264T_Image_7.9.21.0) 7.9.21.0
IBM RackSwitch G8316 (G8316_Image_7.9.21.0) 7.9.21.0
IBM RackSwitch G8332 (G8332_Image_7.7.27.0) 7.7.27.0

Workaround(s) & Mitigation(s):

None

References:

Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Lenovo Product Security Advisories

Acknowledgement

None

Change History
21 November 2017: Original Copy Published

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an β€œindustry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES β€œAS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related

ibm 10
nessus 26
openvas 20
veracode 4
osv 5
debian 4
ubuntu 2
cloudfoundry 1
rubygems 1
ubuntucve 3
nvd 3
debiancve 3
cve 3
cvelist 3
redhatcve 2
prion 3
f5 1
gentoo 1
mageia 1
suse 1
rosalinux 1
apple 14
androidsecurity 1
tenable 1
ics 1
ibm
ibm
Security Bulletin: Vulnerabilities in libxml2 affect IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in libxml2 affect IBM Flex System Networking Switch Products
2019-01-31 02:25:02
Security Bulletin: Vulnerabilities in libxml2 affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems
2023-04-14 14:32:25
nessus
nessus
SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1813-1)
2017-07-10 00:00:00
SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1743-1)
2017-07-03 00:00:00
openSUSE Security Update : libxml2 (openSUSE-2017-793)
2017-07-07 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:1813-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1743-1)
2021-06-09 00:00:00
Debian: Security Advisory (DLA-1060-1)
2018-02-06 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2017-09-21 08:34:03
XML External Entity (XXE)
2018-04-11 07:01:04
Heap Buffer Overflow
2024-01-19 09:16:56
osv
osv
libxml2 - security update
2017-08-19 00:00:00
libxml2 - security update
2017-08-23 00:00:00
libxml2 - security update
2017-06-30 00:00:00
debian
debian
[SECURITY] [DLA 1060-1] libxml2 security update
2017-08-19 17:08:21
[SECURITY] [DSA 3952-1] libxml2 security update
2017-08-23 04:54:22
[SECURITY] [DSA 3952-1] libxml2 security update
2017-08-23 04:54:22
ubuntu
ubuntu
libxml2 vulnerabilities
2017-10-10 00:00:00
libxml2 vulnerabilities
2017-09-19 00:00:00
cloudfoundry
cloudfoundry
USN-3424-1: libxml2 vulnerabilities | Cloud Foundry
2017-11-01 00:00:00
rubygems
rubygems
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
2017-09-18 21:00:00
ubuntucve
ubuntucve
CVE-2017-7376
2017-06-21 00:00:00
CVE-2017-7375
2017-06-21 00:00:00
CVE-2017-0663
2017-06-14 00:00:00
nvd
nvd
CVE-2017-7375
2018-02-19 19:29:00
CVE-2017-7376
2018-02-19 19:29:00
CVE-2017-0663
2017-06-14 13:29:00
debiancve
debiancve
CVE-2017-7375
2018-02-19 19:29:00
CVE-2017-7376
2018-02-19 19:29:00
CVE-2017-0663
2017-06-14 13:29:00
cve
cve
CVE-2017-7375
2018-02-19 19:29:00
CVE-2017-7376
2018-02-19 19:29:00
CVE-2017-0663
2017-06-14 13:29:00
cvelist
cvelist
CVE-2017-7375
2018-02-19 19:00:00
CVE-2017-7376
2018-02-19 19:00:00
CVE-2017-0663
2017-06-14 13:00:00
redhatcve
redhatcve
CVE-2017-7376
2017-06-16 12:51:58
CVE-2017-7375
2017-06-16 12:52:20
prion
prion
Design/Logic Flaw
2018-02-19 19:29:00
Buffer overflow
2018-02-19 19:29:00
Remote code execution
2017-06-14 13:29:00
f5
f5
K23180157 : libxml2 vulnerability CVE-2017-7376
2021-08-02 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-11-10 00:00:00
mageia
mageia
Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities
2018-01-03 18:50:51
suse
suse
Security update for SLES 12-SP2 Docker image (important)
2017-10-11 03:08:09
rosalinux
rosalinux
Advisory ROSA-SA-2021-1905
2021-07-02 17:25:35
apple
apple
About the security content of iTunes 12.7 for Windows
2017-09-12 00:00:00
About the security content of iTunes 12.7 for Windows - Apple Support
2018-10-18 05:03:03
About the security content of iCloud for Windows 7.0
2017-09-25 00:00:00
androidsecurity
androidsecurity
Android Security Bulletinβ€”June 2017
2017-06-05 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

0.341 Low

EPSS

Percentile

97.1%

JSON
Related for 84340B9B79945C0D8BFF899DFFC54747A275A308F2F5601FE06D199E6071FEAA
ibm10nessus26openvas20veracode4osv5debian4ubuntu2cloudfoundry1rubygems1ubuntucve3nvd3debiancve3cve3cvelist3redhatcve2prion3f51gentoo1mageia1suse1rosalinux1apple14androidsecurity1tenable1ics1