Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0734)

Summary

A security vulnerability has been identified in OpenSSL that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. An attacker could exploit this vulnerability using variations in the signing algorithm to recover the private key.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152085&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

Upgrade to 4.3 FP 13:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FOther software&amp;product=ibm/Other+software/Cloud+Manager+with+Openstack&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=4.3.0.13-IBM-CMWO-FP13&amp;includeSupersedes=0

Workarounds and Mitigations

None