4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
IBM MessageSight has addressed the following vulnerability. A microprocessor side-channel vulnerability was found. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information that can result in leakage of secret data in applications such as OpenSSL.
CVEID: CVE-2018-5407
**DESCRIPTION:*Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on ‘port contention’.
CVSS Base Score: 5.1
CVSS Temporal Score: See [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152484](< https://exchange.xforce.ibmcloud.com/vulnerabilities/152484>) for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected IBM MessageSight | Affected Versions |
---|---|
IBM MessageSight | 2.0.0.0 - 2.0.0.2 |
Pricipal Product/Version | Affected Supporting Product/Versions | Affected Supporting Product Security Bulletin |
---|---|---|
MessageSight 2.0.0.0 - 2.0.0.2 |
OpenSSL 1.1.0 (fixed in 1.1.0i)
| [
OpenSSL Security Advisory
](<https://www.openssl.org/news/secadv/20181112.txt>)
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm messagesight | eq | 2.0 |
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N