Jun 16, 2018 - 1:14 p.m.

Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition, Versions 1.6 and 1.7, affect IBM SPSS Analytic Server (CVE-2015-0138)

2018-06-16 13:14:14
www.ibm.com

CVSS2: 4.3 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Summary

The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Versions 1.6 and 1.7, which is used by IBM SPSS Analytic Server.

Vulnerability Details

CVEID: CVE-2015-0138
DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.

This vulnerability is also known as the FREAK attack.
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
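
The client-side condition in the description above, modelled as the check a strict TLS client applies to the server's first flight. This is an added example, not IBM's code or fix; the function names, the `rsa_modulus_bits` field and the sample handshakes are constructed for illustration, while the cipher suite IDs and handshake type numbers are the standard registry values.

```python
# Added model of a strict TLS client check; not IBM's code or patch.
# Suite IDs and handshake type numbers are the standard registry values.
KEY_EXCHANGE = {
    0x002F: "RSA",         # TLS_RSA_WITH_AES_128_CBC_SHA
    0x000A: "RSA",         # TLS_RSA_WITH_3DES_EDE_CBC_SHA
    0x0003: "RSA_EXPORT",  # TLS_RSA_EXPORT_WITH_RC4_40_MD5
    0x0008: "RSA_EXPORT",  # TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
    0x0033: "DHE_RSA",     # TLS_DHE_RSA_WITH_AES_128_CBC_SHA
}
CERTIFICATE, SERVER_KEY_EXCHANGE, SERVER_HELLO_DONE = 11, 12, 14
SKE_ALLOWED = {"RSA_EXPORT", "DHE_RSA"}  # key exchanges that may send ServerKeyExchange

class HandshakeError(Exception):
    pass

def check_server_flight(offered, chosen, flight):
    """offered: suite IDs in ClientHello; chosen: suite in ServerHello;
    flight: (handshake_type, fields) tuples that follow ServerHello."""
    if chosen not in offered:
        raise HandshakeError("suite was never offered")
    kx = KEY_EXCHANGE.get(chosen)
    if kx is None:
        raise HandshakeError("unknown suite")
    for msg_type, fields in flight:
        if msg_type != SERVER_KEY_EXCHANGE:
            continue
        if kx not in SKE_ALLOWED:
            # Condition from the bulletin: temporary RSA key under a non-export RSA suite.
            raise HandshakeError("ServerKeyExchange not allowed for " + kx)
        if kx == "RSA_EXPORT" and fields.get("rsa_modulus_bits", 0) > 512:
            raise HandshakeError("export temporary key exceeds 512 bits")
    return kx

def verdict(offered, chosen, flight):
    try:
        return "accept " + check_server_flight(offered, chosen, flight)
    except HandshakeError as exc:
        return "reject: " + str(exc)

# Constructed sample handshakes (hypothetical field name rsa_modulus_bits).
OFFERED = [0x002F, 0x000A, 0x0033]  # client offers no export suites
NORMAL = [(CERTIFICATE, {}), (SERVER_HELLO_DONE, {})]
DOWNGRADED = [(CERTIFICATE, {}), (SERVER_KEY_EXCHANGE, {"rsa_modulus_bits": 512}),
              (SERVER_HELLO_DONE, {})]

if __name__ == "__main__":
    print(verdict(OFFERED, 0x002F, NORMAL))
    print(verdict(OFFERED, 0x002F, DOWNGRADED))
```

A client that skips the `SKE_ALLOWED` test is the one the bulletin describes: it would take the 512-bit temporary key even though it negotiated a non-export RSA suite.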

Affected Products and Versions

  • SPSS Analytic Server 1.0.1
  • SPSS Analytic Server 2.0

Remediation/Fixes

SPSS Analytic Server 1.0.1
SPSS Analytic Server 2.0
