CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
98.1%
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.6.0 that is used by FlashSystem 840. These issues were disclosed as part of the IBM Java SDK updates in January 2015
CVEID: CVE-2015-0410**
DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100151 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2014-6593**
DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100153 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
IBM FlashSystem 840:
Machine Type 9840, model -AE1 (all supported releases)
Machine Type 9843, model -AE1 (all supported releases)
IBM FlashSystem V840:
Machine Type 9846, model -AE1 (all supported releases)
Machine Type 9848, model -AE1 (all supported releases)
Code level 1.1.3.6 and earlier are affected.
You should verify applying this fix does not cause any compatibility issues.
<Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
840 MTMs: | |||
9840-AE1 & | |||
9843-AE1 |
V840 MTMs: 9846-AE1 &
9848-AE1| A code fix is now available, the VRMF of this code level is 1.1.3.7 (or later)| _ _N/A| No work arounds or mitigations, other than applying this code fix, are known for this vulnerability
Note:
V840 customers must upgrade the code of both the -AE1 and -ACx (whether -AC0 or -AC1) nodes to address this vulnerability. A customer reading this to fix one model type (e.g. –AE1) should look for the corresponding security bulletin which describes how to fix the other model type (e.g. perhaps –AC0) in the customer’s V840.
Link to FlashSystem V840 fixes
None