Jun 17, 2018 - 3:03 p.m.

Security Bulletin: IBM SmartCloud Analytics - Log Analysis is affected by Open Source Python Vulnerability (CVE-2014-9365)

www.ibm.com

EPSS: 0.006 (Percentile: 77.9%)

Summary

IBM SmartCloud Analytics - Log Analysis bundles open source Python, which is vulnerable to CVE-2014-9365.

Vulnerability Details

CVEID: CVE-2014-9365
DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by the failure of the HTTP libraries to validate TLS certificates. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability using man-in-the-middle techniques to launch further attacks on the system.

CVSS Base Score: 4.3
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/99294 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM SmartCloud Analytics - Log Analysis 1.2.0.3
IBM SmartCloud Analytics - Log Analysis 1.2.0.3 IF1
IBM SmartCloud Analytics - Log Analysis 1.3.0

Remediation/Fixes

Product| VRMF| APAR| Remediation/First Fix
---|---|---|---
IBM SmartCloud Analytics - Log Analysis| 1.2.0.3| None| https://www.python.org/downloads/release/python-279/
IBM SmartCloud Analytics - Log Analysis| 1.2.0.3 IF1| None| https://www.python.org/downloads/release/python-279/
IBM SmartCloud Analytics - Log Analysis| 1.3.0| None| https://www.python.org/downloads/release/python-279/
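
The check below is an added example, not part of IBM's bulletin or IBM's code: run under the bundled interpreter, it reports whether that runtime still has the certificate-validation gap described in the vulnerability details. The Python 3 floor (3.4.3) and the `ssl._create_default_https_context` hook come from PEP 476 rather than from this page, and the function names are illustrative.

```python
import ssl
import sys

# First releases that verify HTTPS certificates by default (PEP 476).
# 2.7.9 is the release this bulletin links to; 3.4.3 is an assumption from PEP 476.
FIXED = {2: (2, 7, 9), 3: (3, 4, 3)}


def version_is_fixed(version_info):
    """True if this interpreter version verifies HTTPS certificates by default."""
    major = version_info[0]
    if major not in FIXED:
        return major > 3
    return tuple(version_info[:3]) >= FIXED[major]


def context_verifies(ctx):
    """True if the context checks both the certificate chain and the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def audit_runtime():
    """Return a list of findings; an empty list means HTTPS is verified by default."""
    findings = []
    if not version_is_fixed(sys.version_info):
        findings.append("interpreter predates default HTTPS verification")
    # Hook the standard HTTP libraries call to build their HTTPS context.
    factory = getattr(ssl, "_create_default_https_context", None)
    if factory is None:
        findings.append("no default HTTPS context hook (pre-fix ssl module)")
    elif not context_verifies(factory()):
        # A fixed interpreter can still be opted out of verification by
        # pointing this hook at ssl._create_unverified_context.
        findings.append("default HTTPS context has verification disabled")
    return findings


if __name__ == "__main__":
    results = audit_runtime()
    for line in results or ["HTTPS certificates are verified by default"]:
        print(line)
    sys.exit(1 if results else 0)
```

The non-zero exit status on any finding lets the script serve as a post-upgrade check.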

Workarounds and Mitigations

None