KB Article #178493

Security vulnerabilities reported against ST appliances

This KB article lists security vulnerabilities, with their CVE identifiers, recently reported against the SecureTransport Appliance OS platforms, and explains how to obtain and apply the released fixes.


Detailed information on how to configure the Axway SLES repositories to obtain OS updates and OS security fixes on Axway appliances, as well as how to use zypper to check for, download and install updates, is provided at:



Lists of security vulnerabilities reported against the SecureTransport application itself, with or without CVE identifiers, are available in the KB articles "Security Vulnerabilities (CVE) reported against SecureTransport" and "Security vulnerabilities, reported against SecureTransport, without formal CVE or CWE identifier".


| CVE | Score | Attack vector | Internal ID | APP version affected | APP version fixed | Comment | KB |
|---|---|---|---|---|---|---|---|
| 2017 | | | | | | | |
| CVE-2017-1000364 | 6.89 | Local | RAPS-68 | 6.7.1 | 7.0.0 | Link to the SUSE vulnerability report. Upgrade to appliance version 7.0.0. Use zypper to get the updated kernel with the fix from the Axway repository. | |
| CVE-2017-6074 | 7.8 | Local | RAPS-48 | 6.5.1 | N/A | No impact to the Appliance Platform (SuSE 11 SP4) | - |
| 2016 | | | | | | | |
| CVE-2016-10088 | 7.0 | Local | RAPS-43 | 7.1.0 | N/A | Link to the SUSE vulnerability report. Kernel update to a non-vulnerable version is available at the Axway repository. After installing the update and rebooting, the kernel version should be: 3.0.101-94-default | - |
| CVE-2016-5696 | 4.8 | Network | RAPS-24 | 6.7.1 | N/A | Link to the SUSE vulnerability report. The kernel is updated for appliance platform 7.0.1 and above. Kernel update to a non-vulnerable version is available at the Axway repository. | - |
| CVE-2016-9311 | 5.9 | Network | RAPS-37 | 6.3.0 ~ 7.0.1 | N/A | NTPD updates to a non-vulnerable version are available at the Axway repository. http://www.kb.cert.org/vuls/id/633847 | - |
| CVE-2016-9310 | 6.5 | Network | RAPS-37 | | | | - |
| CVE-2016-7427 | 4.3 | Adjacent | RAPS-37 | | | | - |
| CVE-2016-7428 | 4.3 | Adjacent | RAPS-37 | | | | - |
| CVE-2016-9312 | 7.5 | Network | RAPS-37 | | | | - |
| CVE-2016-7431 | 5.3 | Network | RAPS-37 | | | | - |
| CVE-2016-7434 | 7.5 | Network | RAPS-37 | | | | - |
| CVE-2016-7429 | 3.7 | Network | RAPS-37 | | | | - |
| CVE-2016-7426 | 5.3 | Network | RAPS-37 | | | | - |
| CVE-2016-7433 | 5.3 | Network | RAPS-37 | | | | - |
| CVE-2016-1583 | 7.8 | Local | RAPS-20 | 6.7.1 | 7.0.1 | Upgrade to App 7.0.1 and apply the latest updates via zypper (zypper clean, refresh, update). Rerun the scan and see if any of the issues are still reported as vulnerable. Any kernel vulnerabilities within SuSE 11 SP4 have been or will be patched. | - |
| CVE-2016-0758 | 7.8 | Local | RAPS-20 | 6.7.1 | | | - |
| CVE-2016-4440 | 7.8 | Local | RAPS-20 | 6.7.1 | | | - |
| CVE-2016-5828 | 7.8 | Local | RAPS-20 | 6.7.1 | | | - |
| CVE-2012-6703 | 7.8 | Local | RAPS-20 | 6.7.1 | | | - |
| CVE-2014-9904 | 7.8 | Local | RAPS-20 | 6.7.1 | | | - |
| CVE-2016-5829 | 7.8 | Local | RAPS-20 | 6.7.1 | | | - |
| CVE-2016-3115 | 6.4 | Network | - | N/A | N/A | X11 forwarding is not included in the app platform image | - |
| CVE-2016-5195 | 7.8 | Local | - | All | All | Updates with fixes are available at the Axway repository. Please follow the steps outlined in the referenced Axway KB. | KB178222 |
| 2015 | | | | | | | |
| CVE-2015-0235 | 10 | Network exploitable | - | 6.5.x | 7.x | Updates with fixes for older APP platforms are available within the referenced Axway KB. Please follow the steps outlined in the referenced Axway KB. | KB176788 |
| CVE-2015-7547 | 8.1 | Network | RAPS-1 | 6.7.1 ~ 7.0.0 | 7.0.1 | glibc updated to the latest version (2.11.3-17.95.2) and published to the Axway repository. | KB177741 |
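After the zypper update and reboot, the kernel and glibc versions quoted in the table can be checked on the appliance with a short script. This is an added example, not Axway's own tooling: the function names are hypothetical, and it assumes that any version equal to or later than the quoted one also carries the fix.

```shell
#!/bin/sh
# Added example: verify versions after "zypper clean / refresh / update" and a reboot.
# The two constants are the fixed versions quoted in the table on this page.
KERNEL_FIXED="3.0.101-94"       # CVE-2016-10088 row (kernel)
GLIBC_FIXED="2.11.3-17.95.2"    # CVE-2015-7547 row (glibc)

# version_ge A B: return 0 when A >= B. Fields are split on '.' and '-' and
# compared numerically; a missing or non-numeric field (e.g. "default") counts as 0.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%[.-]*}; y=${b%%[.-]*}
        case $a in *[.-]*) a=${a#*[.-]} ;; *) a= ;; esac
        case $b in *[.-]*) b=${b#*[.-]} ;; *) b= ;; esac
        case $x in ''|*[!0-9]*) x=0 ;; esac
        case $y in ''|*[!0-9]*) y=0 ;; esac
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# report NAME OBSERVED FIXED: print one status line; return 1 when below the fixed version.
report() {
    if version_ge "$2" "$3"; then
        echo "OK        $1 $2 (fixed in $3)"
    else
        echo "OUTDATED  $1 $2 (needs $3 or later)"
        return 1
    fi
}

# check_host: compare the running kernel and the installed glibc package.
# uname -r reports the booted kernel, so an update that was installed but not
# yet activated by a reboot still shows as OUTDATED.
check_host() {
    rc=0
    report kernel "$(uname -r)" "$KERNEL_FIXED" || rc=1
    report glibc "$(rpm -q --qf '%{VERSION}-%{RELEASE}' glibc)" "$GLIBC_FIXED" || rc=1
    return $rc
}

# Query the host only when asked, e.g.: sh check_fixed.sh --host
if [ "${1:-}" = "--host" ]; then check_host; fi
```

A non-zero exit status from `--host` means at least one of the two components is still below the version listed in the table.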