4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM InfoSphere Guardium Data Redaction.
CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.
This vulnerability is also known as the FREAK attack.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM InfoSphere Guardium Data Redaction: 2.5, 2.5.1
<Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
InfoSphere Guardium Data Redaction| 2.5| <APAR>| http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=java-update-linux-SR16-FP3,java-update-win-SR16-FP3&includeSupersedes=0&source=fc
IfoSphere Guardium Data Redaction| 2.5.1| <APAR or None>| http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=java-update-linux-SR16-FP3,java-update-win-SR16-FP3&includeSupersedes=0&source=fc
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security guardium | eq | 2.5 |