CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:N/I:P/A:N
The “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Versions 7 and 6, which is used by Rational Functional Tester.
CVEID: CVE-2015-0138
Description: A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.
This vulnerability is also known as the FREAK attack.
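The client-side check at issue, as an added Python model that is not IBM's code and not part of the original bulletin: it contrasts the acceptance behaviour described above with a strict check that rejects a temporary RSA key outside an export cipher suite. `ServerFlight`, `flawed_key_bits` and `strict_key_bits` are hypothetical names, and the handshake values are constructed samples.

```python
from dataclasses import dataclass
from typing import Optional

# IANA cipher suite IDs mapped to their key exchange method.
KEY_EXCHANGE = {
    0x002F: "RSA",         # TLS_RSA_WITH_AES_128_CBC_SHA
    0x0005: "RSA",         # TLS_RSA_WITH_RC4_128_SHA
    0x0003: "RSA_EXPORT",  # TLS_RSA_EXPORT_WITH_RC4_40_MD5
    0x0008: "RSA_EXPORT",  # TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
}

@dataclass
class ServerFlight:
    """Constructed summary of the server's handshake messages (hypothetical type)."""
    selected_suite: int
    temp_rsa_bits: Optional[int]  # RSA modulus size in ServerKeyExchange, or None
    cert_rsa_bits: int            # RSA modulus size of the certificate key

def flawed_key_bits(flight):
    """Behaviour the bulletin describes: a temporary RSA key is used whenever
    one is present, whatever cipher suite was negotiated."""
    if flight.temp_rsa_bits is not None:
        return flight.temp_rsa_bits
    return flight.cert_rsa_bits

def strict_key_bits(offered, flight):
    """Return the modulus size the client encrypts the premaster secret to,
    or raise ValueError named after the TLS alert a strict client would send."""
    if flight.selected_suite not in offered:
        raise ValueError("illegal_parameter: suite was not offered")
    kx = KEY_EXCHANGE.get(flight.selected_suite)
    if kx is None:
        raise ValueError("handshake_failure: suite not modelled here")
    if flight.temp_rsa_bits is not None:
        # ServerKeyExchange is not legal for plain RSA key exchange.
        if kx != "RSA_EXPORT":
            raise ValueError("unexpected_message: temporary RSA key in %s suite" % kx)
        return flight.temp_rsa_bits
    return flight.cert_rsa_bits

# Constructed sample handshakes: the client offers only non-export RSA suites.
OFFERED = [0x002F, 0x0005]
NORMAL = ServerFlight(0x002F, None, 2048)
DOWNGRADED = ServerFlight(0x002F, 512, 2048)  # 512-bit temporary key injected

if __name__ == "__main__":
    print("flawed client encrypts to", flawed_key_bits(DOWNGRADED), "bit key")
    try:
        strict_key_bits(OFFERED, DOWNGRADED)
    except ValueError as err:
        print("strict client aborts:", err)
```
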
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691> for the current score.
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
All versions of Rational Functional Tester from 8.0.0.0 through 8.6.0.3
Vendor Fixes:
Product | VRMF | APAR | Remediation/First fix |
---|---|---|---|
RFT | 8.6.0 - 8.6.0.x | None | Download the IBM SDK, Java Technology Edition, Version 7.0 Service Refresh 8 Fix Pack 10 iFix from Fix Central and apply it. Download the SWT Beans Library fix and apply it. |
RFT | 8.5.1 - 8.5.1.x | None | Download the IBM SDK, Java Technology Edition, Version 7.0 Service Refresh 8 Fix Pack 10 iFix from Fix Central and apply it. Download the SWT Beans Library fix and apply it. |
RFT | 8.5.0 - 8.5.0.x | None | Download the IBM SDK, Java Technology Edition, Version 7.0 Service Refresh 8 Fix Pack 10 iFix from Fix Central and apply it. Download the SWT Beans Library fix and apply it. |
RFT | 8.3.0 - 8.3.0.x | None | Download the IBM SDK, Java Technology Edition, Version 7.0 Service Refresh 8 Fix Pack 10 iFix from Fix Central and apply it. Download the SWT Beans Library fix and apply it. |
RFT | 8.2.2.x | None | Download the IBM SDK, Java Technology Edition, Version 6.0 64-bit Service Refresh 16 Fix Pack 3 iFix from Fix Central and apply it. Download the SWT Beans Library fix and apply it. |
RFT | 8.2.0 - 8.2.x.x | None | Download the IBM SDK, Java Technology Edition, Version 6.0 Service Refresh 16 Fix Pack 3 iFix from Fix Central and apply it. Download the SWT Beans Library fix and apply it. |
RFT | 8.1.0 - 8.1.x - 8.1.x.x | None | Download the IBM SDK, Java Technology Edition, Version 6.0 Service Refresh 16 Fix Pack 3 iFix from Fix Central and apply it. Download the SWT Beans Library fix and apply it. |
RFT | 8.0.0.x - 8.0.x.x | None | Download the IBM SDK, Java Technology Edition, Version 6.0 Service Refresh 16 Fix Pack 3 iFix from Fix Central and apply it. Download the SWT Beans Library fix and apply it. |
Note: You should verify that applying this fix does not cause any compatibility issues.
None