Multiple vulnerabilities have been identified in IBM Security SiteProtector Appliance.
CVEID: CVE-2013-2566
DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information, caused by the inclusion of multiple single-byte biases. An attacker could exploit this vulnerability using statistical analysis of ciphertext in a large number of sessions that use the same plaintext to conduct plaintext-recovery attacks and obtain sensitive information.
CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82884 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-6321
DESCRIPTION: Microsoft Secure Channel could allow a remote attacker to execute arbitrary code on the system, caused by improper processing of packets by Schannel. By sending specially-crafted packets to a Windows server, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/98342 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2015-0162
DESCRIPTION: IBM SiteProtector could allow a local attacker to gain elevated privileges on the system, caused by an unquoted Windows search path vulnerability. An attacker could exploit this vulnerability using a Trojan horse application to inject arbitrary code into the root path and gain elevated privileges on the system.
CVSS Base Score: 6.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100865 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
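The unquoted search path condition behind CVE-2015-0162 can be audited generically by checking each service command line for a program path that contains whitespace but is not wrapped in quotes. The following is an added example, not code from IBM or from this bulletin; the service names and paths are constructed sample data and do not reflect SiteProtector's actual installation paths.

```python
import re

# Program part of a command line: shortest prefix ending in an executable
# extension that is followed by whitespace or end of string.
_PROGRAM = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?=\s|$)(.*)$", re.IGNORECASE)

def audit_image_path(image_path):
    """Return (needs_quoting, corrected_value) for one service ImagePath."""
    cmd = image_path.strip()
    if not cmd or cmd.startswith('"'):
        return (False, None)              # empty, or program path already quoted
    match = _PROGRAM.match(cmd)
    if match is None:
        return (False, None)              # no recognisable program; review by hand
    program, arguments = match.groups()
    if not any(ch.isspace() for ch in program):
        return (False, None)              # no whitespace, so parsing is unambiguous
    return (True, f'"{program}"{arguments}')

def audit_services(services):
    """Map service name -> corrected ImagePath for every unquoted entry."""
    findings = {}
    for name, image_path in services.items():
        needs_quoting, corrected = audit_image_path(image_path)
        if needs_quoting:
            findings[name] = corrected
    return findings

# Constructed sample data: hypothetical service names and paths.
SAMPLE_SERVICES = {
    "ExampleAgent": r"C:\Program Files\Example Vendor\agent.exe -service",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\agent.exe" -service',
    "ExampleNoSpace": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ExampleNested": r"C:\Example Vendor\bin.exe.d\update svc.exe",
}

if __name__ == "__main__":
    for name, fix in audit_services(SAMPLE_SERVICES).items():
        print(f"{name}: set ImagePath to {fix}")
```

On a live system the input would be the ImagePath values of the installed services; entries the function cannot parse should be reviewed by hand rather than assumed safe.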
IBM Security SiteProtector Appliance – SP2001, SP3001 and SP4001
Apply the appropriate eXPress Update (XPU) as identified in the SiteProtector Console Agent view:
For SiteProtector Appliance SP2001 and SP3001:
SP2001 Component:
SP_Firmware1_15.xpu
SP3001 Component:
SP_Firmware1_16.xpu
SP_Firmware1_17.xpu
For SiteProtector Appliance SP4001:
SP4001 Component:
SP_Firmware2_1.xpu
None