4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.578 Medium
EPSS
Percentile
97.6%
A security vulnerability has been discovered in GSKit used with IBM Security Network Intrusion Prevention System.
CVE ID: CVE-2015-1788
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. IBM GSKit has the same vulnerability.
CVSS Base Score: 5.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions 4.6.2, and 4.6.1
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Network Intrusion Prevention System | Firmware version 4.6.2| 4.6.2.0-ISS-ProvG-AllModels-Hotfix-FP0012
IBM Security Network Intrusion Prevention System | Firmware version 4.6.1| 4.6.1.0-ISS-ProvG-AllModels-Hotfix-FP0013
None
CPE | Name | Operator | Version |
---|---|---|---|
proventia network intrusion prevention system | eq | 4.6.1 | |
proventia network intrusion prevention system | eq | 4.6.2 |