IBM Cloud Private for Data is affected by a vulnerability in OpenSSL, CVE-2019-1559) that could allow a remote attacker to obtain sensitive information.
CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. An attacker could exploit this vulnerability using a 0-byte record padding-oracle attack to decrypt traffic.
CVSS Base Score: 5.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157514> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
IBM Cloud Private for Data V1.1.0
IBM Cloud Private for Data V1.2.0
IBM Cloud Private for Data V1.2.1
IBM Cloud Private for Data V2.1.0
No workarounds are available at this time.