Lucene search

K
ibmIBM62E23437974E48A449C2EB8CE3148CD724E7039E419C0CE0AE579DF2B11560EA
HistoryJan 11, 2021 - 8:25 a.m.

Security Bulletin: CVE-2020-1968 vulnerability in OpenSSL may affect IBM Workload Scheduler

2021-01-1108:25:56
www.ibm.com
18

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Summary

OpenSSL vulnerability CVE-2020-1968 has been disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Scheduler. IBM Workload Scheduler has addressed the CVE

Vulnerability Details

CVEID:CVE-2020-1968
**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite, an attacker could exploit this vulnerability to eavesdrop on all encrypted communications sent over that TLS connection.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187977 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Workload Scheduler 9.5
IBM Workload Scheduler 9.4

Remediation/Fixes

APAR IJ27350 has been opened to address the openssl vulnerabilities for IBM Workload Scheduler.
APAR IJ27350 has been included in 9.4.0-TIV-TWS-FP0007 and 9.5.0-TIV-TWS-FP0003.
For Unsupported releases IBM recommends upgrading to a fixed, supported release of the product.

Workarounds and Mitigations

None

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Related for 62E23437974E48A449C2EB8CE3148CD724E7039E419C0CE0AE579DF2B11560EA