Lucene search

K
ibmIBM88ED6434C339FC19F1478A1680F90F3960F8FBFEE85C7C4B449C4E1407DD071F
HistorySep 15, 2022 - 6:51 p.m.

Security Bulletin: Vulnerability in IBM WebSphere Application Server affects WebSphere Process Server and WebSphere Process Server Hypervisor Editions (CVE-2015-0138)

2022-09-1518:51:00
www.ibm.com
23

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.5%

Summary

The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM WebSphere Application Server Full Profile (and IBM WebSphere Application Server Hypervisor Edition) that is used by WebSphere Process Server (and WebSphere Process Server Hypervisor Editions).

Vulnerability Details

CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.

This vulnerability is also known as the FREAK attack.

CVSS Base Score: 4.3
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

  • WebSphere Process Server V7.0
  • WebSphere Process Server Hypervisor Editions V6.2, V7.0

For earlier unsupported versions of the above products IBM recommends upgrading to a fixed, supported version of the products.

Remediation/Fixes

Please consult the security bulletin Security Bulletin: Vulnerability with RSA Export Keys may affect IBM WebSphere Application Server (CVE-2015-0138) for vulnerability details and information about fixes.

Workarounds and Mitigations

None

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.5%

Related for 88ED6434C339FC19F1478A1680F90F3960F8FBFEE85C7C4B449C4E1407DD071F