Security Bulletin: SLOTH - Weak MD5 Signature Hash vulnerability in IBM Java SDK affect IBM SPSS Collaboration and Deployment Services (CVE-2015-7575)

Summary

SLOTH - Weak MD5 Signature Hash vulnerability in IBM Java SDK affect IBM SPSS Collaboration and Deployment Services (CVE-2015-7575)

Vulnerability Details

CVEID: CVE-2015-7575**
DESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109415 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)

Affected Products and Versions

IBM SPSS Collaboration and Deployment Services 4.2.1, 5.0, 6.0, and 7.0

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
SPSS Collaboration and Deployment Services| 4.2.1| 4.2.1
SPSS Collaboration and Deployment Services| 5.0| 5.0
SPSS Collaboration and Deployment Services| 6.0| 6.0
SPSS Collaboration and Deployment Services| 7.0| 7.0

Workarounds and Mitigations

None