Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5DCC17701181B94DD8824D74861D161BFC41BD476FE2A4330A846D997458492A
HistoryJun 17, 2018 - 3:12 p.m.

Security Bulletin: Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2014-3569, CVE-2015-0205)

2018-06-1715:12:14
www.ibm.com
7

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Summary

OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM MessageSight. IBM MessageSight has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2014-3569
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the ssl23_get_client_hello function in s23_srvr.c. A remote attacker could exploit this vulnerability using an unexpected handshake to trigger a NULL pointer dereference and cause the daemon to crash.

CVSS Base Score: 5
CVSS Temporal Score: See<https://exchange.xforce.ibmcloud.com/vulnerabilities/99706&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-0205
DESCRIPTION: OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key.

CVSS Base Score: 2.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99708&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N)

Affected Products and Versions

IBM MessageSight V1.1 and V1.2

Remediation/Fixes

Product

| VRMF| APAR| Remediation / First Fix
—|—|—|—
IBM MessageSight| 1.1| IT07319| 1.1.0.1-IBM.IMA-IFIT07005
IBM MessageSight| 1.2| IT07319| 1.2.0.0-IBM-IMA-IFIT07005

CPENameOperatorVersion
ibm messagesighteq1.1
ibm messagesighteq1.2

Related

ibm 45
openssl 2
checkpoint_advisories 1
f5 4
nessus 45
ubuntucve 2
cve 3
veracode 2
prion 2
debiancve 2
openvas 31
kaspersky 2
slackware 1
altlinux 6
osv 2
cisco 1
freebsd_advisory 1
freebsd 1
archlinux 1
securityvulns 9
debian 3
suse 5
amazon 1
mageia 1
fedora 3
centos 1
ubuntu 1
oraclelinux 5
redhat 1
aix 1
citrix 1
oracle 5
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem V840, (CVE-2015-0205, CVE-2014-8275, CVE-2014-3569, CVE-2014-3570, and CVE-2014-3572)
2018-06-18 00:09:27
Security Bulletin: Vulnerabilities in OpenSSL affect IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models, (CVE-2015-0205, CVE-2014-8275, CVE-2014-3569, CVE-2014-3570, and CVE-2014-3572)
2023-02-18 01:45:50
Security Bulletin: Vulnerabilities OpenSSL affect SAN Volume Controller and Storwize Family (CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0205)
2023-03-29 01:48:02
openssl
openssl
Vulnerability in OpenSSL CVE-2014-3569
2014-10-21 00:00:00
Vulnerability in OpenSSL CVE-2015-0205
2015-01-08 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL ssl23_get_client_hello Function Denial of Service (CVE-2014-3569)
2015-01-12 00:00:00
f5
f5
SOL16135 - OpenSSL vulnerability CVE-2015-0205
2015-02-12 00:00:00
K16135 : OpenSSL vulnerability CVE-2015-0205
2015-09-16 00:00:00
SOL16013 - OpenSSL vulnerability CVE-2014-3569
2015-01-28 00:00:00
nessus
nessus
F5 Networks BIG-IP : OpenSSL vulnerability (SOL16135)
2015-02-18 00:00:00
Juniper NSM < 2012.2R11 Multiple OpenSSL Vulnerabilities (JSA10679) (FREAK)
2015-04-21 00:00:00
Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10679) (FREAK)
2015-04-21 00:00:00
ubuntucve
ubuntucve
CVE-2015-0205
2015-01-08 00:00:00
CVE-2014-3569
2014-12-24 00:00:00
cve
cve
CVE-2015-0205
2015-01-09 02:59:00
CVE-2014-3569
2014-12-24 11:59:00
CVE-2015-3569
2016-04-26 10:59:00
veracode
veracode
Access Bypass
2017-02-10 01:42:04
Denial Of Service (DoS) Through Null Pointer Dereference
2017-02-06 08:21:22
prion
prion
Authentication flaw
2015-01-09 02:59:00
Null pointer dereference
2014-12-24 11:59:00
debiancve
debiancve
CVE-2015-0205
2015-01-09 02:59:00
CVE-2014-3569
2014-12-24 11:59:00
openvas
openvas
OpenSSL Multiple Vulnerabilities (20150108 - 2) - Windows
2021-07-19 00:00:00
OpenSSL Multiple Vulnerabilities (20150108 - 2) - Linux
2021-07-19 00:00:00
Slackware: Security Advisory (SSA:2015-009-01)
2022-04-21 00:00:00
kaspersky
kaspersky
KLA10460 Multiple vulnerabilities in OpenSSL
2015-01-08 00:00:00
KLA10553 Denial of service vulnerabilities in Oracle MySQL
2015-04-16 00:00:00
slackware
slackware
[slackware-security] openssl
2015-01-09 18:34:39
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.1k-alt1
2015-01-12 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt0.M70P.1
2015-01-12 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 1.0.0p-alt0.M60P.1
2015-04-23 00:00:00
osv
osv
openssl - security update
2015-01-11 00:00:00
openssl - security update
2014-11-01 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
2015-03-10 16:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:01.openssl
2015-01-14 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2015-01-08 00:00:00
archlinux
archlinux
openssl: multiple issues
2015-01-09 00:00:00
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2015-01-13 00:00:00
[security bulletin] HPSBMU03396 rev.1 - HP Version Control Repository Manager &#40;VCRM&#41; on Windows and Linux, Multiple Vulnerabilities
2015-09-14 00:00:00
[security bulletin] HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple Vulnerabilities
2015-09-14 00:00:00
debian
debian
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
[SECURITY] [DLA 81-1] openssl security update
2014-11-01 15:49:46
suse
suse
Security update for openssl (important)
2015-01-23 20:05:13
Security update for MySQL (important)
2015-05-26 15:04:53
Security update for libressl (important)
2015-07-22 15:08:14
amazon
amazon
Medium: openssl
2015-01-11 12:36:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2015-01-11 22:54:28
fedora
fedora
[SECURITY] Fedora 21 Update: openssl-1.0.1k-1.fc21
2015-01-13 00:02:20
[SECURITY] Fedora 20 Update: openssl-1.0.1e-41.fc20
2015-01-20 21:05:44
[SECURITY] Fedora 20 Update: openssl-1.0.1e-42.fc20
2015-03-23 07:18:26
centos
centos
openssl security update
2015-01-20 21:00:39
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-01-12 00:00:00
oraclelinux
oraclelinux
openssl security update
2015-01-20 00:00:00
openssl security update
2016-09-27 00:00:00
openssl security update
2021-04-01 00:00:00
redhat
redhat
(RHSA-2015:0066) Moderate: openssl security update
2015-01-20 00:00:00
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-02-04 06:24:41
citrix
citrix
Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware
2016-09-08 04:00:00
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON
Related for 5DCC17701181B94DD8824D74861D161BFC41BD476FE2A4330A846D997458492A
ibm45openssl2checkpoint_advisories1f54nessus45ubuntucve2cve3veracode2prion2debiancve2openvas31kaspersky2slackware1altlinux6osv2cisco1freebsd_advisory1freebsd1archlinux1securityvulns9debian3suse5amazon1mageia1fedora3centos1ubuntu1oraclelinux5redhat1aix1citrix1oracle5