Lucene search

K
ibmIBM572755F417D8C0A349F42ACB777E649E28EA7F5CA30042D3C1C11C887826ED1A
HistoryJun 18, 2018 - 12:08 a.m.

Security Bulletin: IBM Real-time Compression Appliance is exposed to the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298.

2018-06-1800:08:27
www.ibm.com
30

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

Summary

Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project.
IBM Real-time Compression Appliance is exposed to CVE-2014-0224, CVE-2014-0198, CVE-2010-5298.

Vulnerability Details

CVE-ID:CVE-2014-0224

**DESCRIPTION:**OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify management traffic only.
CVSS Base Score: 5.8

CVE-ID**:** CVE-2014-0198 **DESCRIPTION: **OpenSSL that has SSL_MODE_RELEASE_BUFFERS enabled, is vulnerable to data injection across sessions or denial of service, by remote attackers via an SSL connection.
CVSS Base Score: 4.8

CVE-ID: CVE-2010-5298 DESCRIPTION: Open SSL is vulnerable to data injection across sessions and denial of service (use-after-free and parsing error) via an SSL connection in a multi threaded environment, caused when SSL_MODE_RELEASE_BUFFERS is enabled.
CVSS Base Score: 4

Affected Products and Versions

IBM Real-time Compression Appliance versions:
4.1.2
3.9.1
3.8.0

Remediation/Fixes

Customers are advised to upgrade to the following releases: 3.8.1.06, 3.9.1.07 or 4.1.2.03


7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N