Skip to content
  • There are no suggestions because the search field is empty.

ESA-2015-138: RSA Security Analytics and RSA NetWitness Security Update for multiple Embedded Component Vulnerabilities (Q3 2015 Security Update)

Tags: RSA NetWitness Platform, Security Advisories

Advisory Type

Security


Advisory Content

EMC Identifier: ESA-2015-138

CVE Identifier: CVE-2011-5321, CVE-2013-1752, CVE-2014-1912, CVE-2015-3167, CVE-2014-4650, CVE-2014-7185, CVE-2014-8176, CVE-2014-9297, CVE-2014-9298, CVE-2014-9585, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1798, CVE-2015-1799, CVE-2015-2721, CVE-2015-2730, CVE-2015-3165, CVE-2015-3166, CVE-2015-3405, and CVE-2015-4000

Severity Rating: CVSS v2 Base Score: See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Affected products: 

  • RSA Security Analytics 10.5.x
  • RSA Security Analytics 10.4.x
  • RSA Security Analytics 10.3.x
  • RSA Security Analytics 10.2.x
  • RSA Security Analytics 10.1.x
  • RSA Security Analytics 10.0.x
  • RSA NetWitness 9.8.x
  • RSA NetWitness 9.7.x
  • RSA NetWitness 9.6.x

Summary:

Multiple embedded components within RSA Security Analytics and RSA NetWitness require a security update to address various vulnerabilities.

Details:

Multiple embedded components within RSA Security Analytics and RSA NetWitness have been updated to address the following security vulnerabilities:

  • NSS: CVE-2015-2721, CVE-2015-2730, and CVE-2015-4000
  • NTP: CVE-2014-9297, CVE-2014-9298, CVE-2015-1798, CVE-2015-1799, and CVE-2015-3405
  • Postgresql: CVE-2015-3165, CVE-2015-3166, and CVE-2015-3167
  • Python: CVE-2013-1752, CVE-2014-1912, CVE-2014-4650, and CVE-2014-7185
  • OpenSSL:, CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791,
    CVE-2015-1792, and CVE-2015-4000

For more information about the OpenSSL vulnerabilities, please visit the original OpenSSL advisory:

https://rhn.redhat.com/errata/RHSA-2015-1115.html

https://rhn.redhat.com/errata/RHSA-2015-1072.html

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm​.   To search for a particular CVE, use the databases search utility at http://web.nvd.nist.gov/view/vuln/search

Recommendation:

RSA strongly recommends that Security Analytics and NetWitness customers install this release at the earliest opportunity. Please see the release notes for additional information.