Metric | Value |
---|---|
CVSS2 | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
EPSS | 0.003 Low |
EPSS Percentile | 69.2% |
The RC4 “Bar Mitzvah” Attack for SSL/TLS affects DS8000
CVEID: CVE-2015-2808
DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials without requiring an active man-in-the-middle session. Successful exploitation could allow an attacker to retrieve credit card data or other sensitive information. This vulnerability is commonly referred to as “Bar Mitzvah Attack”.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101851> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
The following products and versions are impacted:
Product Update
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
DS8870 < R7.2 | 87.31.16.0 or above | N/A | Already available |
DS8800 R6.3 | 86.31.152.0 | N/A | Already available |
DS8700 R6.3 | 76.31.131.0 | N/A | Already available |
Note: Customers applying updates should consult the DS8000 code recommendation page before requesting versions: <http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004456>
None
CPE
Name | Operator | Version |
---|---|---|
disk systems->ds8870 | eq | 6.3 |
disk systems->ds8870 | eq | 7.0 |
disk systems->ds8870 | eq | 7.1 |
ibm ds8800 | eq | 6.3 |