ESA-2015-107: RSA Security Analytics and RSA NetWitness Security Update for multiple Embedded Component Vulnerabilities

Tags: RSA NetWitness Platform, Security Advisories

Advisory Type

Security


Advisory Content

EMC Identifier: ESA-2015-107

CVE Identifier: CVE-2014-8137, CVE-2014-8138, CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9029, CVE-2014-9636, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-0240, CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0437

Severity Rating: CVSS v2 Base Score: See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Affected products: 

  • RSA Security Analytics 10.4.x
  • RSA Security Analytics 10.3.x
  • RSA Security Analytics 10.2.x
  • RSA Security Analytics 10.1.x
  • RSA Security Analytics 10.0.x
  • RSA NetWitness 9.8.x
  • RSA NetWitness 9.7.x
  • RSA NetWitness 9.6.x

Summary:

Multiple embedded components within RSA Security Analytics and RSA NetWitness require a security update to address various vulnerabilities.  

Details: 

Multiple embedded components within RSA Security Analytics and RSA NetWitness have been updated to address the following security vulnerabilities:

  • Jasper: CVE-2014-8137, CVE-2014-8138, CVE-2014-9029
  • unzip: CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9636
  • OpenSSL: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
  • Samba: CVE-2015-0240
  • java-1.7.0-openjdk/java-1.8.0-openjdk: CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0437

For more information about the OpenSSL vulnerabilities, please visit the original OpenSSL advisory: https://openssl.org/news/secadv_20150319.txt

For more information about the Java vulnerabilities, please refer to the following Red Hat advisories:

  • https://rhn.redhat.com/errata/RHSA-2015-0067.html
  • https://rhn.redhat.com/errata/RHSA-2015-0069.html

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database's search utility at http://web.nvd.nist.gov/view/vuln/search

 

Recommendation:

RSA strongly recommends that Security Analytics and NetWitness customers install this release at the earliest opportunity. Please see the release notes for additional information.