Lucene search

K
ibmIBM6E088849F2D21A817D3C2D5C5E8FB823C516F9443AF071C84B5A47DDF587C9A0
HistorySep 20, 2019 - 10:07 a.m.

Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1559

2019-09-2010:07:28
www.ibm.com
4

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Summary

IBM MQ for HP NonStop Server has addressed the following vulnerability: CVE-2019-1559

Vulnerability Details

CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. An attacker could exploit this vulnerability using a 0-byte record padding-oracle attack to decrypt traffic.
CVSS Base Score: 5.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157514&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Affected Products and Versions

IBM MQ V8.0 for HPE NonStop (X and Itanium)

|

8.0. all versions

—|—

IBM MQ V5.3.1 for HPE NonStop (Itanium)

|

5.3.1 all versions

Remediation/Fixes

IBM MQ V8.1 for HPE NonStop (X and Itanium) Fixpack 1

|

8.1.0.1

|

IT29676

|

Apply fixpack 8.1.0.1

—|—|—|—

IBM MQ V5.3.1 for HPE NonStop (Itanium) Fixpack 16

|

5.3.1.16

|

IT29707

|

Apply fixpack 5.3.1.16

Workarounds and Mitigations

None

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Related for 6E088849F2D21A817D3C2D5C5E8FB823C516F9443AF071C84B5A47DDF587C9A0