History: Jun 17, 2018 - 2:59 p.m.

Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Netcool Impact (CVE-2015-0138)

2018-06-17 14:59:23
www.ibm.com

CVSS2: 4.3 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Summary

The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM WebSphere Application Server Versions 6, 6.1, 7, and 8.5, which are used by Tivoli Netcool Impact.

Vulnerability Details

CVEID: CVE-2015-0138

DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.

This vulnerability is also known as the FREAK attack.

CVSS Base Score: 4.3
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
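
The description above comes down to a client-side check that was missing: a ServerKeyExchange carrying a temporary RSA key must be rejected when the negotiated suite uses non-export RSA key exchange. The sketch below is an added example, not code from IBM or from the bulletin; the function name, the cipher suite subset and the sample flights are constructed for illustration.

```python
# Added illustration, not IBM's code: the client-side rule whose absence
# is described under CVE-2015-0138.

# TLS handshake message types (RFC 5246, section 7.4).
SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE, SERVER_HELLO_DONE = 2, 11, 12, 14

# Key exchange method per cipher suite ID (IANA values; small subset).
KEY_EXCHANGE = {
    0x0003: "RSA_EXPORT",  # TLS_RSA_EXPORT_WITH_RC4_40_MD5
    0x0008: "RSA_EXPORT",  # TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
    0x000A: "RSA",         # TLS_RSA_WITH_3DES_EDE_CBC_SHA
    0x002F: "RSA",         # TLS_RSA_WITH_AES_128_CBC_SHA
    0x0033: "DHE_RSA",     # TLS_DHE_RSA_WITH_AES_128_CBC_SHA
}


def check_server_flight(offered, selected, message_types):
    """Return the list of violations in the server's first flight.

    offered       -- cipher suite IDs the client put in its ClientHello
    selected      -- cipher suite ID from the ServerHello
    message_types -- handshake message types received, in order
    An empty list means the flight is acceptable.
    """
    problems = []
    if selected not in offered:
        problems.append("server selected a suite the client never offered")
    kx = KEY_EXCHANGE.get(selected)
    if kx is None:
        problems.append("unknown cipher suite 0x%04X" % selected)
        return problems
    has_ske = SERVER_KEY_EXCHANGE in message_types
    if kx == "RSA" and has_ske:
        # The FREAK condition: a temporary RSA key arrives in
        # ServerKeyExchange although the suite is non-export RSA.
        problems.append("temporary RSA key sent for non-export RSA suite")
    if kx == "DHE_RSA" and not has_ske:
        problems.append("ServerKeyExchange missing for DHE_RSA suite")
    return problems


# Constructed sample: a client that offers only non-export suites.
OFFERED = [0x002F, 0x0033]
NORMAL_FLIGHT = [SERVER_HELLO, CERTIFICATE, SERVER_HELLO_DONE]
DOWNGRADED_FLIGHT = [SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE, SERVER_HELLO_DONE]

if __name__ == "__main__":
    print(check_server_flight(OFFERED, 0x002F, NORMAL_FLIGHT))
    print(check_server_flight(OFFERED, 0x002F, DOWNGRADED_FLIGHT))
```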

Affected Products and Versions

Tivoli Netcool Impact versions 5.1; 5.1.1; 6.1; 6.1.1; 7.1

Remediation/Fixes

| VRMF | WebSphere release level | Remediation |
|---|---|---|
| 7.1.0 | 8.5 | Apply Interim Fix PI36563 and 7.1.0-TIV-NCI-FP0003 for Java SDK upgrade fix for PI37013. |
| 6.1.1 | 7.0 | Apply Interim Fix PI36563 and PI37013: |
| 6.1 | 7.0 | Apply Interim Fix PI36563 and PI37013: |
| 5.1.1 | 6.1 | Apply Interim Fix PI36563 and Fix PI37015 |
| 5.1 | 6.1 | Apply Interim Fix PI36563 and Fix PI37015 |

For more information and location of the above fixes see http://www-01.ibm.com/support/docview.wss?uid=swg21698613

Workarounds and Mitigations

See http://www-01.ibm.com/support/docview.wss?uid=swg21698613
