
ESA-2016-021: RSA Security Analytics Security Update for multiple Embedded Component Vulnerabilities (SA 10.5.2, 10.6.0.1)

Tags: RSA NetWitness Platform, Security Advisories

Advisory Type

Security


Advisory Content

EMC Identifier: ESA-2016-021

CVE Identifier:

CVE-2015-8704, CVE-2015-8138, CVE-2015-7236, CVE-2015-3223, CVE-2015-5330, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540, CVE-2015-4871, CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494

Severity Rating: CVSS v2 Base Score: See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Affected Products:

·        RSA Security Analytics 10.5.0.x, 10.5.1.x, and 10.6.0.0

Summary:

Multiple components within RSA Security Analytics require a security update to address various vulnerabilities.


Details:

Multiple components within RSA Security Analytics have been updated to address various vulnerabilities:

The embedded components are updated for the following vulnerabilities:

·        Bind: CVE-2015-8704

·        NTP: CVE-2015-8138

·        Rpcbind: CVE-2015-7236

·        Libldb: CVE-2015-3223, CVE-2015-5330

·        Samba: CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540

·        Java: CVE-2015-4871, CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494

    For more information about the Java vulnerabilities, please visit the Red Hat advisory:

    https://rhn.redhat.com/errata/RHSA-2016-0050.html

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database’s search utility at http://web.nvd.nist.gov/view/search/.

Recommendation:

The following RSA Security Analytics releases contain resolutions to these vulnerabilities:

·         RSA Security Analytics version 10.5.2

·         RSA Security Analytics version 10.6.0.1

RSA recommends all customers upgrade at the earliest opportunity.

For additional documentation, downloads, and more, visit the Security Analytics page on RSA Link.

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details.
Product Version Life Cycle