Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM58C9C23A20C5D55610ECFF1953DA7C91CDE42118EE0F8DBDBF1D696C4A948D37
HistoryOct 31, 2022 - 2:06 p.m.

Security Bulletin: IBM DataPower Gateway vulnerable to a flaw in OpenSSL (CVE-2017-3732)

2022-10-3114:06:33
www.ibm.com
135

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.3%

JSON

Summary

A carry propagating bug in the OpenSSL x86_64 Montgomery squaring procedure may impact DH-based ciphersuites. This issue has been addressed in DataPower v2018.4.1.23.

Vulnerability Details

CVEID:CVE-2017-3732
**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/121313 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM DataPower Gateway 2018.4.1 2018.4.1.0 - 2018.4.1.22

Remediation/Fixes

Affected product Fixed in version APAR
IBM DataPower Gateway 2018.4.1 2018.4.1.23 IT42112

Workarounds and Mitigations

Remove any DH-based ciphersuites from client and server TLS profiles. These ciphersuites are not included in the default list.

CPENameOperatorVersion
ibm datapower gatewayeq2018.4.1

Related

veracode 2
openvas 17
ibm 105
nessus 30
prion 2
alpinelinux 2
cve 2
ubuntucve 2
debiancve 2
osv 2
f5 2
openssl 2
altlinux 5
symantec 1
mageia 2
huawei 1
fedora 2
slackware 1
freebsd_advisory 1
archlinux 2
fortinet 1
cisco 1
nodejsblog 1
freebsd 1
gentoo 1
redhatcve 1
suse 2
amazon 2
cloudfoundry 1
ubuntu 1
redhat 2
veracode
veracode
Information Disclosure
2017-03-16 17:01:35
Vulnerability Through C Libraries
2017-11-01 05:30:33
openvas
openvas
Oracle Mysql Security Updates (jul2017-3236622) 06 - Windows
2017-07-19 00:00:00
Oracle Mysql Security Updates (jul2017-3236622) 06 - Linux
2017-07-19 00:00:00
F5 BIG-IP - OpenSSL vulnerability CVE-2017-3732
2017-02-21 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Systems Director Platform Agent (CVE-2017-3731, CVE-2017-3732)
2018-06-18 01:35:39
Security Bulletin: Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections is affected by GSKit and GSKit-Crypto vulnerabilities
2018-07-12 10:16:52
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for HP NonStop (CVE-2016-7055, CVE-2017-3732)
2020-07-24 22:19:08
nessus
nessus
OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities
2017-02-02 00:00:00
F5 Networks BIG-IP : OpenSSL vulnerability (K44512851)
2017-02-17 00:00:00
SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2017:0431-1)
2019-01-02 00:00:00
prion
prion
Design/Logic Flaw
2017-05-04 19:29:00
Buffer overflow
2017-12-07 16:29:00
alpinelinux
alpinelinux
CVE-2017-3732
2017-05-04 19:29:00
CVE-2017-3738
2017-12-07 16:29:00
cve
cve
CVE-2017-3732
2017-05-04 19:29:00
CVE-2017-3738
2017-12-07 16:29:00
ubuntucve
ubuntucve
CVE-2017-3732
2017-01-26 00:00:00
CVE-2017-3738
2017-12-07 00:00:00
debiancve
debiancve
CVE-2017-3732
2017-05-04 19:29:00
CVE-2017-3738
2017-12-07 16:29:00
osv
osv
CVE-2017-3732
2017-05-04 19:29:00
CVE-2017-3738
2017-12-07 16:29:00
f5
f5
K44512851 : OpenSSL vulnerability CVE-2017-3732
2017-02-16 00:00:00
K34681653 : OpenSSL vulnerability CVE-2017-3738
2018-01-26 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2017-3732
2017-01-26 00:00:00
Vulnerability in OpenSSL CVE-2017-3738
2017-12-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.2k-alt1
2017-01-26 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2k-alt1
2017-01-26 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.2k-alt0.M80P.1
2017-01-27 00:00:00
symantec
symantec
SA141 : OpenSSL Vulnerabilities 26-Jan-2017
2017-02-09 08:00:00
mageia
mageia
Updated openssl packages fix security vulnerability
2017-02-05 23:42:41
Updated openssl packages fix security vulnerabilities
2017-12-17 02:20:04
huawei
huawei
Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products
2017-05-03 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: openssl-1.0.2k-1.fc24
2017-02-09 20:52:22
[SECURITY] Fedora 25 Update: openssl-1.0.2k-1.fc25
2017-02-08 01:54:49
slackware
slackware
[slackware-security] openssl
2017-02-10 20:40:56
freebsd_advisory
freebsd_advisory
FreeBSD-SA-17:02.openssl
2017-02-23 00:00:00
archlinux
archlinux
[ASA-201701-36] lib32-openssl: multiple issues
2017-01-27 00:00:00
[ASA-201701-37] openssl: multiple issues
2017-01-28 00:00:00
fortinet
fortinet
OpenSSL Security Advisory [26 Jan 2017]
2018-07-13 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
2017-01-30 21:28:00
nodejsblog
nodejsblog
OpenSSL update, 1.0.2k
2017-01-27 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2017-01-26 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2017-02-14 00:00:00
redhatcve
redhatcve
CVE-2017-3738
2019-10-08 22:39:45
suse
suse
Security update for openssl (important)
2017-12-16 15:07:17
Security update for openssl (important)
2017-12-16 06:08:45
amazon
amazon
Medium: openssl
2018-05-10 17:29:00
Medium: openssl
2018-04-26 17:38:00
cloudfoundry
cloudfoundry
USN-3181-1: OpenSSL vulnerabilities | Cloud Foundry
2017-06-02 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2017-01-31 00:00:00
redhat
redhat
(RHSA-2018:2568) Important: java-1.8.0-ibm security update
2018-08-27 14:09:01
(RHSA-2018:2187) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
2018-07-12 16:04:13

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.3%

JSON
Related for 58C9C23A20C5D55610ECFF1953DA7C91CDE42118EE0F8DBDBF1D696C4A948D37
veracode2openvas17ibm105nessus30prion2alpinelinux2cve2ubuntucve2debiancve2osv2f52openssl2altlinux5symantec1mageia2huawei1fedora2slackware1freebsd_advisory1archlinux2fortinet1cisco1nodejsblog1freebsd1gentoo1redhatcve1suse2amazon2cloudfoundry1ubuntu1redhat2