Multiple vulnerabilities in IBM Virtualization Engine TS7700
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2017-10345 CVE-2017-10295 CVE-2017-10356 CVE-2018-2579 CVE-2018-2633 CVE-2018-2783 CVE-2018-2790 |
| CWE-ID | CWE-264 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Virtualization Engine TS7700 3957-VEC Hardware solutions / Firmware Virtualization Engine TS7700 3957-VEB Other software / Other software solutions Virtualization Engine TS7700 3957-V07 Other software / Other software solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU8871
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10345
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service.
Install update from vendor's website.
Vulnerable software versionsVirtualization Engine TS7700 3957-VEC: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-VEB: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-V07: before 8.41.200.113 VTD_EXEC.269
CPE2.3http://www.ibm.com/support/pages/node/651061
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU8867
Risk: Low
CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10295
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to access potentially sensitive information.
The weakness exists due to a flaw in the Javadoc component. A remote attacker can partially modify arbitrary files on the target system.
Install update from vendor's website.
Vulnerable software versionsVirtualization Engine TS7700 3957-VEC: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-VEB: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-V07: before 8.41.200.113 VTD_EXEC.269
CPE2.3http://www.ibm.com/support/pages/node/651061
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU9120
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10356
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The weakness exists due to a flaw in the Security component. A remote
attacker can gain unauthorized access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsVirtualization Engine TS7700 3957-VEC: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-VEB: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-V07: before 8.41.200.113 VTD_EXEC.269
CPE2.3http://www.ibm.com/support/pages/node/651061
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU10125
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-2579
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to a flaw in the Java SE, Java SE Embedded,
JRockit Libraries component. A remote attacker can partially access data.
Install update from vendor's website.
Vulnerable software versionsVirtualization Engine TS7700 3957-VEC: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-VEB: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-V07: before 8.41.200.113 VTD_EXEC.269
CPE2.3http://www.ibm.com/support/pages/node/651061
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Privilege escalation
EUVDB-ID: #VU10135
Risk: Low
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-2633
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges.
The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JNDI component. A remote attacker can gain system privileges on the target system.
Install update from vendor's website.
Vulnerable software versionsVirtualization Engine TS7700 3957-VEC: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-VEB: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-V07: before 8.41.200.113 VTD_EXEC.269
CPE2.3http://www.ibm.com/support/pages/node/651061
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Security restrictions bypass
EUVDB-ID: #VU11946
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-2783
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.
The weakness exists in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE due to improper security restrictions. A remote attacker can create, delete or modify critical data or all Java SE, Java SE Embedded, JRockit accessible data and gain unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.
Install update from vendor's website.
Vulnerable software versionsVirtualization Engine TS7700 3957-VEC: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-VEB: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-V07: before 8.41.200.113 VTD_EXEC.269
CPE2.3http://www.ibm.com/support/pages/node/651061
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Security restrictions bypass
EUVDB-ID: #VU11947
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-2790
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to write arbitrary files on the target system.
The weakness exists in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE due to improper security restrictions. A remote attacker can trick the victim into opening a specially crafted file and update, insert or delete some of Java SE, Java SE Embedded accessible data.
Install update from vendor's website.
Vulnerable software versionsVirtualization Engine TS7700 3957-VEC: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-VEB: before 8.41.200.113 VTD_EXEC.269
Virtualization Engine TS7700 3957-V07: before 8.41.200.113 VTD_EXEC.269
CPE2.3http://www.ibm.com/support/pages/node/651061
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
