IBM Storwize V3700: Important vulnerabilities discovered – patch now!

IBM / Lenovo just send out 3 FLASH: Security Bulletins:

FLASH: Security Bulletin: OpenSLP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (2020.07.21)

FLASH: Security Bulletin: Network Security (NSS) vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (2020.07.21)

FLASH: Security Bulletin: Java vulnerabilities affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (2020.07.21)

The OpenSLP is the most dangerous one:

OpenSLP, as used in Vmware used in ESXi and the Horizon DaaS appliances, is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by slpd_process.c. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 9.8

Download the new code here:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Entry-level%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V3700&release=All&platform=All&function=all

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close