History: Dec 08, 2018 - 4:55 a.m.

Security Bulletin: OpenSSL 1.0.2 and 1.0.1 vulnerabilities (CVE-2016-0701 and CVE-2015-3197)

2018-12-08 04:55:34
www.ibm.com

CVSS3: 5.9 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4.3 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Summary

Aspera software is not affected by vulnerabilities found in two versions of OpenSSL.

OpenSSL 1.0.2 has been found to contain vulnerabilities due to the use of unsafe primes in X9.42 style parameter files. Both OpenSSL 1.0.2 and 1.0.1 have been found to contain vulnerabilities in SSLv2 ciphers that have been disabled on a server.

The recommended upgrades are:

  • OpenSSL 1.0.2 to 1.0.2f
  • OpenSSL 1.0.1 to 1.0.1r

Impact

Aspera products are not exposed to these vulnerabilities. SSLv2 support has been disabled completely for Enterprise Server since version 3.5.4.

CPE

  • Name: ibm aspera
  • Operator: eq
  • Version: any