KB Article #178493
Security vulnerabilities reported against ST appliances
This KB article lists security vulnerabilities, with their respective CVE identifiers, recently reported against the SecureTransport Appliance OS platforms, and provides information on how to obtain and apply the released fixes.
Detailed information on how to configure the Axway SLES repositories to obtain OS updates and OS security fixes on Axway appliances, as well as how to use zypper to check for, download and install updates, is provided in:
- Installing security updates on Axway Appliances with "zypper"
- Accessing Axway Update Repositories over secured HTTPS connection
- How to check the SuSE Linux Axway repository for updates
Lists of security vulnerabilities, with or without CVE identifiers, reported against the SecureTransport application itself are available in the KB articles "Security Vulnerabilities (CVE) reported against SecureTransport" and "Security vulnerabilities, reported against SecureTransport, without formal CVE or CWE identifier".
CVE | Score | Attack vector | Internal ID | APP version affected | APP version fixed | Comment | KB |
---|---|---|---|---|---|---|---|
2017 | |||||||
CVE-2017-1000364 | 6.89 | Local | RAPS-68 | 6.7.1 | 7.0.0 | Link to the SUSE vulnerability report. Upgrade to appliance version 7.0.0, use zypper to get the updated kernel with the fix from the Axway repository. | |
CVE-2017-6074 | 7.8 | Local | RAPS-48 | 6.5.1 | N/A | No impact to the Appliance Platform (SuSE 11 SP4) | - |
2016 | |||||||
CVE-2016-10088 | 7.0 | Local | RAPS-43 | 7.1.0 | N/A | Link to the SUSE vulnerability report. Kernel update to non-vulnerable version available at Axway repository. After installing the update and rebooting, the kernel version should be: 3.0.101-94-default | - |
CVE-2016-5696 | 4.8 | Network | RAPS-24 | 6.7.1 | N/A | Link to the SUSE vulnerability report. The kernel is updated for appliance platform 7.0.1 and above. Kernel update to non-vulnerable version available at Axway repository. | - |
CVE-2016-9311 | 5.9 | Network | RAPS-37 | 6.3.0 ~ 7.0.1 | N/A | NTPD updates to non-vulnerable version are available at Axway repository. http://www.kb.cert.org/vuls/id/633847 | - |
CVE-2016-9310 | 6.5 | Network | RAPS-37 | - | |||
CVE-2016-7427 | 4.3 | Adjacent | RAPS-37 | - | |||
CVE-2016-7428 | 4.3 | Adjacent | RAPS-37 | - | |||
CVE-2016-9312 | 7.5 | Network | RAPS-37 | - | |||
CVE-2016-7431 | 5.3 | Network | RAPS-37 | - | |||
CVE-2016-7434 | 7.5 | Network | RAPS-37 | - | |||
CVE-2016-7429 | 3.7 | Network | RAPS-37 | - | |||
CVE-2016-7426 | 5.3 | Network | RAPS-37 | - | |||
CVE-2016-7433 | 5.3 | Network | RAPS-37 | - | |||
CVE-2016-1583 | 7.8 | Local | RAPS-20 | 6.7.1 | 7.0.1 | Upgrade to App 7.0.1, apply the latest updates via zypper (zypper clean, refresh, update). Rerun the scan and see if any of the issues are still reported as vulnerable. Any kernel vulnerabilities within SuSE 11 SP4 have been or will be patched. | - |
CVE-2016-0758 | 7.8 | Local | RAPS-20 | 6.7.1 | - | ||
CVE-2016-4440 | 7.8 | Local | RAPS-20 | 6.7.1 | - | ||
CVE-2016-5828 | 7.8 | Local | RAPS-20 | 6.7.1 | - | ||
CVE-2012-6703 | 7.8 | Local | RAPS-20 | 6.7.1 | - | ||
CVE-2014-9904 | 7.8 | Local | RAPS-20 | 6.7.1 | - | ||
CVE-2016-5829 | 7.8 | Local | RAPS-20 | 6.7.1 | - | ||
CVE-2016-3115 | 6.4 | Network | - | N/A | N/A | X11 forwarding is not included in app platforms image | - |
CVE-2016-5195 | 7.8 | Local | - | All | All | Updates with fixes available at Axway repository. Please follow the steps outlined in the referred Axway KB. | KB178222 |
2015 | |||||||
CVE-2015-0235 | 10 | Network exploitable | - | 6.5.x | 7.x | Updates for older APP platforms with fixes available within the referred Axway KB. Please follow the steps outlined in the referred Axway KB. | KB176788 |
CVE-2015-7547 | 8.1 | Network | RAPS-1 | 6.7.1 ~ 7.0.0 | 7.0.1 | glibc updated to the latest version (2.11.3-17.95.2) and published to the Axway repository. | KB177741 |