Lucene search
IBM369BDDF6CC179DAD8EF6F1A96D99E7F510FDC033A592EFF2D7048EFE0E21292AHistoryJan 09, 2020 - 3:39 p.m.
Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a timing side channel attack (CVE-2018-0734)
2020-01-0915:39:50
www.ibm.com
10
EPSS
0.003
Percentile
71.6%
Summary
OpenSSL as used in IBM QRadar SIEM is vulnerable to a timing side channel attack
Vulnerability Details
CVEID:CVE-2018-0734
**DESCRIPTION:**The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152085 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
IBM QRadar SIEM 7.3.0 - 7.3.3 GA
Remediation/Fixes
QRadar / QRM / QVM / QRIF / QNI 7.3.2 Patch 6
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 1
Workarounds and Mitigations
None
Related
ibm
ibm
openvas
openvas
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1654)
2020-01-23 00:00:00
OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) - Windows
2018-11-01 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1755)
2020-01-23 00:00:00
ubuntucve
ubuntucve
CVE-2018-0734
2018-10-30 00:00:00
cbl_mariner
cbl_mariner
CVE-2018-0734 affecting package nodejs 8.11.4-7
2021-08-11 06:39:34
prion
prion
Design/Logic Flaw
2018-10-30 12:29:00
veracode
veracode
Side-Channel Attack
2018-10-30 03:53:03
nessus
nessus
EulerOS 2.0 SP3 : openssl (EulerOS-SA-2019-2008)
2019-09-24 00:00:00
EulerOS 2.0 SP8 : openssl (EulerOS-SA-2019-1654)
2019-06-27 00:00:00
Amazon Linux AMI : openssl (ALAS-2019-1153)
2019-03-26 00:00:00
amazon
amazon
cvelist
cvelist
CVE-2018-0734 Timing attack against DSA
2018-10-30 00:00:00
redhatcve
redhatcve
CVE-2018-0734
2018-10-30 16:49:12
debiancve
debiancve
CVE-2018-0734
2018-10-30 12:29:00
openssl
openssl
Vulnerability in OpenSSL CVE-2018-0734
2018-10-30 00:00:00
osv
osv
CVE-2018-0734
2018-10-30 12:29:00
openssl1.0 - security update
2018-12-19 00:00:00
openssl - security update
2018-11-30 00:00:00
cve
cve
CVE-2018-0734
2018-10-30 12:29:00
nvd
nvd
CVE-2018-0734
2018-10-30 12:29:00
alpinelinux
alpinelinux
CVE-2018-0734
2018-10-30 12:29:00
symantec
symantec
OpenSSL Vulnerabilities Oct 2018 - Jul 2019
2019-09-05 08:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0210
2020-02-21 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-1.0-0199
2018-12-14 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0210
2020-02-21 00:00:00
f5
f5
K43741620 : OpenSSL vulnerabilities CVE-2018-0734 and CVE-2018-0735
2018-12-15 00:00:00
slackware
slackware
[slackware-security] openssl
2018-11-22 06:43:55
suse
suse
Security update for openssl (moderate)
2018-11-24 18:18:01
Security update for openssl-1_1 (moderate)
2018-11-24 18:11:36
Security update for openssl-1_0_0 (moderate)
2018-12-08 15:08:25
archlinux
archlinux
[ASA-201812-8] openssl-1.0: private key recovery
2018-12-08 00:00:00
[ASA-201812-7] lib32-openssl-1.0: private key recovery
2018-12-08 00:00:00
[ASA-201812-6] lib32-openssl: private key recovery
2018-12-08 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2018-11-27 18:26:11
centos
centos
openssl security update
2019-08-30 03:49:42
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.2q-alt1
2018-12-19 00:00:00
freebsd
freebsd
OpenSSL -- Multiple vulnerabilities in 1.1 branch
2018-10-29 00:00:00
aix
aix
There are vulnerabilities in OpenSSL used by AIX.
2018-12-11 09:37:36
redhat
redhat
(RHSA-2019:2304) Moderate: openssl security and bug fix update
2019-08-06 08:23:32
(RHSA-2019:3700) Low: openssl security, bug fix, and enhancement update
2019-11-05 20:52:19
cloudfoundry
cloudfoundry
USN-3840-1: OpenSSL vulnerabilities | Cloud Foundry
2018-12-27 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: openssl-1.1.1a-1.fc29
2019-01-18 02:14:55
[SECURITY] Fedora 31 Update: compat-openssl10-1.0.2o-8.fc31
2019-09-21 00:04:14
[SECURITY] Fedora 30 Update: compat-openssl10-1.0.2o-7.fc30
2019-09-25 01:08:23
ubuntu
ubuntu
OpenSSL vulnerabilities
2018-12-06 00:00:00
oraclelinux
oraclelinux
openssl security, bug fix, and enhancement update
2019-11-14 00:00:00
openssl security update
2019-08-19 00:00:00
openssl security and bug fix update
2019-08-13 00:00:00
debian
debian
[SECURITY] [DSA 4355-1] openssl1.0 security update
2018-12-19 22:29:59
[SECURITY] [DSA 4348-1] openssl security update
2018-11-30 22:26:20
EPSS
0.003
Percentile
71.6%
Related for 369BDDF6CC179DAD8EF6F1A96D99E7F510FDC033A592EFF2D7048EFE0E21292A