IBM SmartCloud Analytics - Log Analysis product bundles the Open Source Python which is vulnerable to CVE-2014-9365
CVEID:CVE-2014-9365
DESCRIPTION:
Python could allow a remote attacker to bypass security restrictions, caused by the failure to validate TLS certificate by the HTTP libraries. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability using man-in-the-middle techniques to launch further attacks on the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/99294 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM SmartCloud Analytics - Log Analysis 1.2.0.3
IBM SmartCloud Analytics - Log Analysis 1.2.0.3 IF1
IBM SmartCloud Analytics - Log Analysis 1.3.0
<Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM SmartCloud Analytics - Log Analysis| 1.2.0.3| None| https://www.python.org/downloads/release/python-279/
IBM SmartCloud Analytics - Log Analysis| 1.2.0.3 IF1| None| https://www.python.org/downloads/release/python-279/
IBM SmartCloud Analytics - Log Analysis| 1.3.0| None| https://www.python.org/downloads/release/python-279/
None