5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.028 Low
EPSS
Percentile
90.5%
IBM InfoSphere Master Data Management is vulnerable to OpenSSL vulnerability that could allow an attacker to obtain sensitive information by triggering an out-of-bounds read and resulting in the incorrect text display of the certificate.
CVEID: CVE-2017-3735**
DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131047 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
This vulnerability is known to affect the following offerings:
Affected IBM Initiate Master Data Service
|
Affected Versions
—|—
IBM Initiate Master Data Service| 10.1
IBM InfoSphere Master Data Management| 11.0
IBM InfoSphere Master Data Management| 11.3
IBM InfoSphere Master Data Management| 11.4
IBM InfoSphere Master Data Management| 11.5
IBM InfoSphere Master Data Management| 11.6
The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.
Product**** | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM Initiate Master Data Service |
10.1
| None| 10.1.031518_IM_Initiate_MasterDataService_ALL_Refresh Pack
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.0
| None| 11.0.0.7-MDM-SAE-FP07IF0090_ _
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.3
| None| 11.3.0.7-MDM-SE-AE-FP07IF000
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.4
| None| 11.4.0.8-MDM-SAE-FP08IF000
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.5
| None| 11.5.0.6-MDM-SAE-FP06IF000
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.6
| None| _11.6.0.4-MDM-SE-AE _
None
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.028 Low
EPSS
Percentile
90.5%