Lucene search

K
ibmIBM00CCFCA9A5F16E5078CC3A0799E78508D7F8D9C3DC2CB9C2E2996EDDB6A762AD
HistoryJun 18, 2018 - 12:34 a.m.

Security Bulletin: Open Source OpenSSL Vulnerabilities in IBM Network Advisor

2018-06-1800:34:55
www.ibm.com
5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Summary

Open Source OpenSSL Vulnerabilities in IBM Network Advisor (CVE-2017-3733).

Vulnerability Details

Relevant CVE Information:

CVEID: CVE-2017-3733**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error during a renegotiate handshake when the original handshake did not include the Encrypt-Then-Mac extension. A remote authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122091 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

IBM Network Advisor prior to release 14.0.2

Remediation/Fixes

Fixed in IBM Network Advisor 14.0.2

Workarounds and Mitigations

NA

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P