4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
GSKit is an IBM component that is used by IBM Security Network Protection. The GSKit that is shipped with IBM Security Network Protection contains multiple security vulnerabilities including the FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. IBM Security Network Protection has addressed the applicable CVEs.
CVEID: CVE-2015-0138 **
DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.
This vulnerability is also known as the FREAK attack.
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Product
| Version|Remediation
—|—|—
IBM Security Network Protection| 5.2| 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008
IBM Security Network Protection| 5.3| Firmware Update 5.3.0.5** **https://ibmss.flexnetoperations.com/
You should verify applying this fix does not cause any compatibility issues.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security network protection | eq | 5.2.0 | |
ibm security network protection | eq | 5.3 |