The vulnerability of the OpenSSL library lies in its insufficient encryption strength, which allows attackers to intercept all encrypted messages sent over a TLS connection.

🗓️ 23 Feb 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

OpenSSL vulnerability from insufficient encryption strength lets attackers intercept TLS messages.

Reporter	Title	Published	Views	Family All 107
IBM Security Bulletins	Security Bulletin: Vulnerability in Fabric OS used by IBM b-type SAN directors and switches.	2 Jun 202121:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL	27 Apr 202210:23	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.	24 Feb 202122:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Aspera Webapps (Shares, Console) are vulnerable to an OpenSSL Vunerability (CVE-2020-7656).	17 Sep 202117:42	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2020-1968, CVE-2020-1971)	1 Feb 202120:01	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect Enterprise (CVE-2020-1968)	19 Apr 202113:06	–	ibm
IBM Security Bulletins	Security Bulletin: CVE-2020-1968 vulnerability in OpenSSL may affect IBM Workload Scheduler	11 Jan 202108:25	–	ibm
IBM Security Bulletins	Security Bulletin: Potential TLS vulnerability using Diffie-Hellman TLS ciphersuites in IBM DataPower Gateway (CVE-2020-1968)	8 Jun 202121:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Waston Machine Learning Acclerator is affected by an OpenSSL 1.0.2k vulnerability	16 Jun 202107:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Safer Payment affected by OpenSSL Racoon Attack (CVE-2020-1968)	24 Apr 202314:13	–	ibm

Vulners

Node

oracle peoplesoft_enterprise_peopletoolsMatch8.56

OR

oracle peoplesoft_enterprise_peopletoolsMatch8.57

OR

oracle peoplesoft_enterprise_peopletoolsMatch8.58

OR

openssl opensslRange1.0.2–1.0.2v

OR

openssl opensslRange1.0.2–1.0.2v

OR

hitachi,hitachi_energy_gateway_station_(gws)Range<3.2.0.0

OR

hitachi,facts_control_platform_(fcp)Range≤3.12.0

OR

hitachi,facts_control_platform_(fcp)Range≤2.3.0

OR

hitachi,facts_control_platform_(fcp)Range≤1.3.0

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2020/09/msg00016.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-1968
security-tracker	www.security-tracker.debian.org/tracker/CVE-2020-1968
usn	www.usn.ubuntu.com/4504-1/
wiki	www.wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16
openssl	www.openssl.org/news/secadv/20200909.txt
oracle	www.oracle.com/security-alerts/cpujan2021.html
suse	www.suse.com/security/cve/CVE-2020-1968/
wiki	www.wiki.astralinux.ru/pages/viewpage.action
cisa	www.cisa.gov/uscert/ics/advisories/icsa-22-242-02

21 Nov 2023 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 33.7

CVSS 24.3

EPSS0.04803

OpenSSL library insufficient encryption remote attacker intercept encrypted messages