HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Array Setup and Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

Is Nimble Vulnerable to ShellShock or Man-in-the-Middle?

 
SOLVED
Go to solution
Joseph Stanczak
Occasional Advisor

Is Nimble Vulnerable to ShellShock or Man-in-the-Middle?

I see Heartbleed was mitigated, but what of these other two recent vulnerabilities?

4 REPLIES
Joseph Stanczak
Occasional Advisor

Re: Is Nimble vulnerable to ShellShock or Man-in-the-Middle?

M-I-M = css-Injection vulnerability

edayeh69
Valued Contributor

Re: Is Nimble vulnerable to ShellShock or Man-in-the-Middle?

Hi Joseph,

I know for a fact that ShellShock has been dealt with. You can see our response to this threat by logging into Infosight, then clicking on help in the top right. Once on the Help page, you should select Bulletins on the left hand side of the page and this will bring up a list of all recent bulletins. The first one should be a response to ShellShock.

With respect to MIM, I don't believe we are vulnerable to this but by all means, please ask support for verification as they will have the most up to date information on this.

Regards,

Ezat

edayeh69
Valued Contributor
Solution

Re: Is Nimble vulnerable to ShellShock or Man-in-the-Middle?

Hi Joseph,

I have found that MITM has also been dealt with. This is described in Nimble Storage Field Alert #: EXT-0005 which can also be found under the Help menu in Infosight under Alerts. The ShellShock statement is detailed under Nimble Storage Field Alert #: EXT-0006 as well.

Hopefully this answers your questions and if you have any others, please feel free to post under another topic.

Regards,

Ezat

Joseph Stanczak
Occasional Advisor

Re: Is Nimble vulnerable to ShellShock or Man-in-the-Middle?

Thank you Ezat - thought I did a thorough search on those notifications - must have missed something.