Support Content Notification - Support Portal

BSA-2017-332

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21665

Last Updated

10 September 2018

Initial Publication Date

23 June 2017

Status

Closed

Severity

High

CVSS Base Score

8.2

WorkAround

N/A

Affected CVE

CVE-2017-1289

Summary
Security Advisory ID : BSA-2017-332
Component : IBM JDK
Revision : 3.0: Final

IBM JDK versions 6.0.16.45, 7.0.10.5, 7.1.4.5, and 8.0.4.5 correct a security issue. IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources.

Affected Products
Brocade Network Advisor - Fixed in 14.3.0

Products Confirmed Not Vulnerable
Brocade Fabric OS

Workaround
There are no workarounds that address this vulnerability.

Revision History

Version	Change	Date
1.0	Initial Publication	June 23, 2017
2.0	Updated to address NOS & WC	October 13, 2017
3.0	Updated with BNA version and to reflect Fiber Channel Products Only.	September 10, 2018

Summary Security Advisory ID : BSA-2017-332 Component : IBM JDK Revision : 3.0: Final

Revision History

Summary
Security Advisory ID : BSA-2017-332
Component : IBM JDK
Revision : 3.0: Final