6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors has addressed the applicable CVEs.
CVE-ID:CVE-2015-0209
DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the d2i_ECPrivateKey or EVP_PKCS82PKEY function. An attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system and cause a denial of service.
CVSS Base Score: 7.50
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-ID:CVE-2015-0287
DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an error related to the reuse of a structure in ASN.1 parsing. An attacker could exploit this vulnerability using an invalid write to corrupt memory and execute arbitrary code on the system.
CVSS Base Score: 7.50
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101668 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-ID:CVE-2015-0288
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference.
CVSS Base Score: 5.00
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID:CVE-2015-0289
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle missing outer ContentInfo by the PKCS#7 parsing code. An attacker could exploit this vulnerability using a malformed ASN.1-encoded PKCS#7 blob to trigger a NULL pointer dereference.
CVSS Base Score: 5.00
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101669 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
SSM 4.0.0 FP1 - FP14 and Interim Fix 14-01 – Interim Fix 14-04
SSM 4.0.1 FP1 – FP2
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
4.0.1.2-TIV-SSM-IF0001| 4.0.1.2| None| http://www.ibm.com/support/docview.wss?uid=isg400002085
4.0.0.14-TIV-SSM-IF0005| 4.0.0.14| None| http://www.ibm.com/support/docview.wss?uid=isg400002088
None
CPE | Name | Operator | Version |
---|---|---|---|
netcool/system service monitor | eq | 4.0 |