Lucene search

K
ibmIBMA21160CD167CEB07B665A0A9788C062C19FA75832274194D0CFF1E816F29CA4D
HistoryJun 18, 2018 - 12:09 a.m.

Security Bulletin: Real-time compression appliance (CVE-CVE-2015-3216)

2018-06-1800:09:58
www.ibm.com
6

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

Summary

Real time compression appliance affected by one Open SSL issue.

Vulnerability Details

CVEID: CVE-2015-3216

DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds memory read error in ssleay_rand_bytes() function. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103915 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Version

| Release|Remediation/First Fix
—|—|—
4.1.2| 4.1.2.14| 4.1.2.14
3.9.1| NA| NA
3.8.0| NA| NA

Remediation/Fixes

4.1.2.14 Fix is now available - 4.1.2.14

For 3.8 IBM recommends upgrading to a fixed, supported version/release/platform of the product.

For 3.9 IBM recommends upgrading to a fixed, supported version/release/platform of the product

Workarounds and Mitigations

None

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

Related for A21160CD167CEB07B665A0A9788C062C19FA75832274194D0CFF1E816F29CA4D