Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)
IBM PSIRT 270004PFE3 email@example.com | | Tags:  psirthigh psirtsecurity
0 Comments | 619 Visits
IBM Security Network Intrusion Prevention System is affected by multiple vulnerabilities reported in Ruby on Rails. These vulnerabilities include multiple SQL injection, code execution, and denial of service vulnerabilities that could be exploited remotely by an attacker with access to the Local Management Interface (LMI).
Affected product(s) & Affected version(s):
Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions: 4.1, 4.2, 4.3, 4.4, 4.5
Refer to the following reference URLs for remediation and additional vulnerability details.