7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.954 High
EPSS
Percentile
99.3%
IBM InfoSphere Master Data Management is vulnerable to multiple OpenSSL vulnerabilities that could cause the application to crash, an attacker to obtain information about the private key, or cause a denial of service.
CVEID: CVE-2017-3730**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted parameters for a DHE or ECDHE key exchange, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121311 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-3731**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121312 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-3732**
DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121313 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2016-7055**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118748 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
This vulnerability is known to affect the following offerings:
Affected IBM Initiate Master Data Service
|
Affected Versions
—|—
IBM Initiate Master Data Service| 10.1
IBM InfoSphere Master Data Management| 11.0
IBM InfoSphere Master Data Management| 11.3
IBM InfoSphere Master Data Management| 11.4
IBM InfoSphere Master Data Management| 11.5
IBM InfoSphere Master Data Management| 11.6
The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.
Product**** | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM Initiate Master Data Service |
10.1
| None| 10.1.072717_IM_Initiate_MasterDataService_ALL_Interm Fix
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.0
| None| 11.0.0.6-MDM-SAE-FP06IF004_ _
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.3
| None| 11.3.0.6-MDM-SE-AE-FP06IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.4
| None| 11.4.0.7-MDM-SE-AE-FP07IF002
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.5
| None| 11.5.0.5-MDM-SAE-FP05IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.6
| None| 11.6.0.2-MDM-SAE-IF001
None
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.954 High
EPSS
Percentile
99.3%