CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 0.003 Low
EPSS Percentile: 69.3%
The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM® FlashSystem™ 840 and IBM FlashSystem 900.
CVEID: CVE-2015-2808
DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials without requiring an active man-in-the-middle session. Successful exploitation could allow an attacker to retrieve credit card data or other sensitive information. This vulnerability is commonly referred to as the “Bar Mitzvah Attack”.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101851 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
FlashSystem 840 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE1 and 9843-AE1.
FlashSystem 900 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE2 and 9843-AE2.
FS840 & FS900 MTMs | VRMF | APAR | Remediation/First Fix
---|---|---|---
FlashSystem 840 MTMs: 9840-AE1 & 9843-AE1; FlashSystem 900 MTMs: 9840-AE2 & 9843-AE2 | A code fix is now available, the VRMF of this code level is 1.3.0.2 (or later) | N/A | No workarounds or mitigations, other than applying this code fix, are known for this vulnerability
1.3.0.2 is available at IBM’s Fix Central: 840 fixes, download 1.3.0.2 or later
1.3.0.2 is available at IBM’s Fix Central: 900 fixes, download 1.3.0.2 or later
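A check for the condition CVE-2015-2808 depends on, namely whether a TLS endpoint still selects an RC4 cipher suite when a client offers nothing else. This is an added example, not part of IBM's bulletin or tooling. The host and port given to `probe` are assumptions supplied by the caller, and the ClientHello is sent without extensions.

```python
import os
import socket
import struct
import sys

# RC4 cipher suite code points from the IANA TLS registry.
RC4_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
}

def build_client_hello():
    """Build a TLS 1.2 ClientHello (no extensions) offering only RC4 suites."""
    suites = b"".join(struct.pack("!H", s) for s in RC4_SUITES)
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"  # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                          # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_server_reply(data):
    """Return the name of the RC4 suite the server selected, or None if it refused."""
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x02:
        return None                   # alert, truncated reply, or not a ServerHello
    pos = 44 + data[43]               # skip headers, version, random, session id
    if len(data) < pos + 2:
        return None
    (suite,) = struct.unpack("!H", data[pos:pos + 2])
    return RC4_SUITES.get(suite)

def probe(host, port=443, timeout=5.0):
    """Send the RC4-only ClientHello to host:port (both caller-supplied)."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(build_client_hello())
            while len(data) < 80 and (not data or data[0] == 0x16):
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except ConnectionError:
            pass                      # reset after the hello: RC4 was not accepted
    return parse_server_reply(data)

if __name__ == "__main__" and len(sys.argv) == 3:
    print(probe(sys.argv[1], int(sys.argv[2])) or "RC4 not negotiated")
```

A returned suite name means the endpoint still negotiates RC4; `None` means it answered the RC4-only offer with an alert, a reset, or no ServerHello.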
None
CPE:
Name | Operator | Version
---|---|---
ibm flashsystem 900 | eq | any