5.1 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
GSKit is an IBM component that is used by Host On-Demand. GSKit that is shipped with Host On-Demand contains security vulnerability. Host On-Demand has addressed it.
CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel attack against a system based on the Intel Sandy-Bridge microarchitecture. An attacker could exploit this vulnerability to recover RSA keys.
CVSS Base Score: 2.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111144 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Host On-Demand 13.0
Host On-Demand 12.0, 12.0.0.1, 12.0.1, 12.0.2, 12.0.3
_ Product_ | _ VRMF_ | _ Remediation_ |
---|---|---|
Host On-Demand | 12.0 | Upgrade to Host On-Demand 12.0.4 |
Host On-Demand | 12.0.0.1 | Upgrade to Host On-Demand 12.0.4 |
Host On-Demand | 12.0.1 | Upgrade to Host On-Demand 12.0.4 |
Host On-Demand | 12.0.2 | Upgrade to Host On-Demand 12.0.4 |
Host On-Demand | 12.0.3 | Upgrade to Host On-Demand 12.0.4 |
Host On-Demand | 13.0 | Upgrade to Host On-Demand 13.0.1 |
None
5.1 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N