There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in July 2018.
CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
IBM Storwize V7000 Unified
The product is affected when running supported code releases 1.6.0.0 to 1.6.2.4. The product running unsupported code releases 1.5 or earlier are also affected.
A fix for these issues is in version v1.6.2.5 of IBM Storwize V7000 Unified. Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.6.2.5 or a later version.
Latest Storwize V7000 Unified Software
Systems running an unsupported version (v1.5 or earlier) should be upgraded to the current release containing the security fixes.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm storwize v7000 unified (2073) | eq | any |