CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM.
CVEID: CVE-2015-2808
DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials without requiring an active man-in-the-middle session. Successful exploitation could allow an attacker to obtain sensitive information. This vulnerability is commonly referred to as “Bar Mitzvah Attack”.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101851 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Releases 6.1, 7.1 and 7.2 of IBM i are affected.
The issue can be fixed by applying PTFs to IBM i and following the remediation plan below. NOTE: Please read this entire section for the list of PTF numbers for IBM i.
Please review this document for IBM i remediation steps: http://www.ibm.com/support/docview.wss?uid=nas8N1020681
Releases 6.1, 7.1 and 7.2 of IBM i are supported and will be fixed.
The IBM i PTF numbers are:
IBM i OS and options:
Release 6.1 – SI56418
Release 7.1 – SI56419
Release 7.2 – SI56643
IBM i Java:
Java for IBM i: 5761-JV1 & 5770-JV1
For details on Java for IBM i, see the Java for IBM i page on developerWorks:
http://www.ibm.com/developerworks/ibmi/techupdates/java
The IBM i Group PTF numbers for Java are:
Release 6.1 – SF99562 level 32
Release 7.1 – SF99572 level 21
Release 7.2 – SF99716 level 6
_Important note:_ IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed versions of affected products.