Jul 24, 2020 - 11:08 p.m.

Security Bulletin: IBM Sterling Connect:Express for UNIX is Affected by an OpenSSL Vulnerability (CVE-2018-0732)

2020-07-24 23:08:59
www.ibm.com

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Summary

A security vulnerability was disclosed on Jun 12, 2018 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVE.

Vulnerability Details

CVE-ID: CVE-2018-0732
Description: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144658> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
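
The client-side guard that the description implies, as an added example (not code from IBM or the OpenSSL Project): parse the `ServerDHParams` fields of a TLS 1.2 ServerKeyExchange (three 2-byte-length-prefixed vectors, per RFC 5246) and reject an out-of-range prime before any key generation is attempted. The bounds `MIN_P_BITS` and `MAX_P_BITS` and all function names are assumptions chosen for illustration.

```python
import struct

# Assumed local policy (not values from the bulletin): accepted size range for dh_p.
MIN_P_BITS = 2048
MAX_P_BITS = 8192

class DHParamError(ValueError):
    """Raised when ServerDHParams must be rejected before key generation."""

def _read_vec16(buf, off):
    # TLS opaque<1..2^16-1>: 2-byte big-endian length, then that many bytes.
    if off + 2 > len(buf):
        raise DHParamError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise DHParamError("bad vector length")
    return buf[off:off + n], off + n

def check_server_dh_params(body):
    """Vet dh_p, dh_g, dh_Ys at the start of a ServerKeyExchange body.

    Returns (p_bits, p, g, ys); the signature that follows is not parsed.
    """
    p_raw, off = _read_vec16(body, 0)
    p = int.from_bytes(p_raw, "big")
    p_bits = p.bit_length()
    # Size check runs before any modular exponentiation on server-chosen data.
    if not MIN_P_BITS <= p_bits <= MAX_P_BITS:
        raise DHParamError(f"dh_p is {p_bits} bits, outside {MIN_P_BITS}..{MAX_P_BITS}")
    g_raw, off = _read_vec16(body, off)
    ys_raw, off = _read_vec16(body, off)
    g = int.from_bytes(g_raw, "big")
    ys = int.from_bytes(ys_raw, "big")
    if p % 2 == 0 or not (1 < g < p - 1) or not (1 < ys < p - 1):
        raise DHParamError("dh_p is even, or dh_g / dh_Ys out of range")
    return p_bits, p, g, ys

def encode_params(p, g, ys):
    # Helper used only to build the constructed samples below.
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

# Constructed samples: an odd 2048-bit modulus (not tested for primality) and
# the largest modulus the 16-bit length field can carry (65535 bytes).
SAMPLE_OK = encode_params((1 << 2047) | 1, 2, 0x1234567)
SAMPLE_HUGE = encode_params((1 << (65535 * 8)) - 1, 2, 3)
```

The second sample shows why the wire format alone gives no protection: a single length field admits a modulus of more than half a million bits.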

Affected Products and Versions

IBM Sterling Connect:Express for UNIX 1.5.0.15

  • All versions prior to 1.5.0.15 iFix 150-1509

Remediation/Fixes

VRMF: 1.5.0.15
APAR: TBD
Remediation/First Fix: Apply 1.5.0.15 iFix 150-1509, available on Fix Central.

Workarounds and Mitigations

None

CPE

Name: ibm sterling connect:express
Operator: eq
Version: any
