Lucene search

IBM5456485B8C11147F0268CBD3CE78D642DD6C83E91EF7D3CF6FD3CED026F38978

HistoryNov 10, 2020 - 10:33 a.m.

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System

2020-11-1010:33:48

www.ibm.com

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Summary

RedHat provided OpenSSL package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2019-1559
**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. An attacker could exploit this vulnerability using a 0-byte record padding-oracle attack to decrypt traffic.
CVSS Base score: 5.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157514 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Integrated Analytics System	1.0.0-1.0.23.0

Remediation/Fixes

Update to the following IBM Integrated Analytics System release :

Product	VRMF	Remediation / First Fix
IBM Integrated Analytics System	1.0.24.0	Link to Fix Central

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm integrated analytics systemeqany

CPE	Name	Operator	Version
	ibm integrated analytics system	eq	any

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for 5456485B8C11147F0268CBD3CE78D642DD6C83E91EF7D3CF6FD3CED026F38978