ibmIBM5884DB36BB444C82DF22D31A407164BD9785D01D1382BDD13D8EC0CE83E4CEDD
History: Jun 28, 2023 - 10:14 p.m.

Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2019-1559)

2023-06-28 22:14:50
www.ibm.com

CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.008 Low
Percentile: 81.3%

Summary

OpenSSL is shipped with IBM Tivoli Network Manager IP Edition version 3.9. Information about a security vulnerability affecting OpenSSL has been published here.

Vulnerability Details

CVE-ID: CVE-2019-1559
Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. An attacker could exploit this vulnerability using a 0-byte record padding-oracle attack to decrypt traffic.
CVSS Base Score: 5.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157514> for more information
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Affected Products and Versions

IBM Tivoli Network Manager IP Edition v3.9 Fix Pack 4 & Fix Pack 5.

Remediation/Fixes

IBM Tivoli Network Manager IP Edition 3.9 FP4 and FP5 | APAR IJ15786 | Please call IBM service and reference APAR IJ15786 to obtain a fix.

Workarounds and Mitigations

Only customers on ITNM v3.9 FP4 or FP5 who have Java SSL Collectors enabled may be affected. These collectors are not enabled by default.

CPE

Name | Operator | Version
tivoli network manager ip edition | eq | 3.9
