5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect Enterprise . The DataDirect ODBC Drivers and level of node js used by IBM App Connect Enterprise and IBM Integration Bus have addressed the applicable CVEs
CVEID:CVE-2019-1551
**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. By performing a man-in-the-middle attack, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172752 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
IBM App Connect V11.0.0.0 - V11.0.0.8
IBM Integration Bus V10.0.0.0 -V10.0.0.21
IBM Integration Bus V9.0.0.0 - V9.0.0.11
Product
|
VRMF
| APAR |
Remediation / Fix
—|—|—|—
IBM App Connect | V11.0.0.0-V11.0.0.8 | IT32544,IT31649 |
The APAR is available in fix pack 11.0.0.9
IBM App Connect Enterprise Version V11-Fix Pack 11.0.0.9
IBM Integration Bus | V10.0.0.0 - V10.0.0.21 | IT32544,IT31649 |
The APAR is available in fix pack 10.0.0.22
IBM Integration Bus V10.0 - Fix Pack 10.0.0.22
IBM Integration Bus | V9.0.0.0 - V9.0.0.11 | IT32544,IT31649 |
Contact IBM support to request for Fix APAR
IBM Integration Bus V9_ is no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product. _
If you are a customer with extended support and require a fix, contact IBM support.
_IT31649 which addresses the vulnerabilities in DataDirect ODBC Drivers used by IBM App Connect and IBM Integration Bus , is also resolved in 10.0.0.20 & 11.0.0.8. _
None
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N