Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAC6A2C7A52D3380E3B9D10675F40A644BED6E1B0A83D2CFB4876B327FB11700E
HistoryJun 15, 2018 - 7:02 a.m.

Security Bulletin: Vulnerabilities in OpenSSL (CVE-2014-3508 and CVE-2014-3509) affect the virtual machines deployed by IBM Workload Deployer.

2018-06-1507:02:21
www.ibm.com
11

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Summary

Nine OpenSSL vulnerabilities were disclosed in August 2014. This bulletin addresses the two vulnerabilities that are applicable to virtual machines which are deployed by IBM Workload Deployer using the IBM OS Image for Red Hat Linux Systems and the IBM OS Image for AIX Systems.

Vulnerability Details

CVEID:CVE-2014-3508
**** **DESCRIPTION: **
OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in OBJ_obj2txt. If applications echo pretty printing output, an attacker could exploit this vulnerability to read information from the stack.

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95165 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

_ _ **CVEID: **CVE-2014-3509 ** ** **DESCRIPTION: **
OpenSSL is vulnerable to a denial of service, caused by a race condition in the ssl_parse_serverhello_tlsext() code. If a multithreaded client connects to a malicious server using a resumed session, a remote attacker could exploit this vulnerability to cause a denial of service.

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95159 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IBM Workload Deployer 3.1.0.7 and later.

Remediation/Fixes

Two emergency fixes are available that should be applied to the IBM OS Image for Red Hat Linux Systems and the IBM OS Image for AIX Systems.

For Red Hat Linux Systems, apply the following eFix:

http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Workload+Deployer&release=All&platform=All&function=fixId&fixids=HV_RHEL6_X64_PATCHES_EFIX&includeSupersedes=0

For AIX Systems, apply the following eFix:

http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq?mode=18&ID=3795&myns=pwraix71&mync=Ehttp://www14.software.ibm.com/webapp/set2/subscriptions/onvdq?mode=18&ID=3494&myns=pwraix71&mync=E_ _

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm workload deployereq3.1.0.7

Related

ibm 37
cve 3
ubuntucve 2
prion 3
f5 4
veracode 2
debiancve 2
openssl 2
openvas 34
nessus 48
redhat 4
oraclelinux 8
centos 2
freebsd_advisory 1
mageia 1
freebsd 1
aix 1
amazon 1
slackware 1
huawei 1
ubuntu 1
osv 1
debian 2
securityvulns 3
kaspersky 1
fedora 8
altlinux 5
gentoo 1
citrix 1
suse 2
lenovo 2
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL (CVE-2014-3508 and CVE-2014-3509) affect the virtual machines deployed by IBM PureApplication System.
2018-06-15 07:03:23
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System FC5022 16Gb SAN Scalable Switch Firmware (CVE-2014-3508, CVE-2014-3509, CVE-2014-3511)
2019-01-31 01:55:01
Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ Advanced Message Security for IBM i platform (CVE-2014-3508)
2018-06-15 07:01:35
cve
cve
CVE-2014-3508
2014-08-13 23:55:00
CVE-2014-3509
2014-08-13 23:55:00
CVE-2015-5334
2020-01-23 20:15:00
ubuntucve
ubuntucve
CVE-2014-3508
2014-08-07 00:00:00
CVE-2014-3509
2014-08-07 00:00:00
prion
prion
Design/Logic Flaw
2014-08-13 23:55:00
Race condition
2014-08-13 23:55:00
Stack overflow
2020-01-23 20:15:00
f5
f5
K15571 : OpenSSL vulnerability CVE-2014-3508
2014-09-05 00:00:00
SOL15571 - OpenSSL vulnerability CVE-2014-3508
2014-09-05 00:00:00
K15541 : OpenSSL vulnerability CVE-2014-3509
2014-09-12 00:00:00
veracode
veracode
Information Disclosure
2017-02-07 01:12:09
Denial Of Service (DoS) Through Memory Overwrite
2017-02-07 01:07:14
debiancve
debiancve
CVE-2014-3508
2014-08-13 23:55:00
CVE-2014-3509
2014-08-13 23:55:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-3508
2014-08-06 00:00:00
Vulnerability in OpenSSL CVE-2014-3509
2014-08-06 00:00:00
openvas
openvas
OpenSSL DoS Vulnerability (20140806) - Linux
2021-07-19 00:00:00
OpenSSL DoS Vulnerability (20140806) - Windows
2021-07-19 00:00:00
CentOS Update for openssl CESA-2014:1052 centos7
2014-09-10 00:00:00
nessus
nessus
OpenSSL 1.0.0 < 1.0.0n Multiple Vulnerabilities
2014-08-08 00:00:00
Mandriva Linux Security Advisory : openssl (MDVSA-2014:158)
2014-08-09 00:00:00
RHEL 6 : openssl (RHSA-2014:1054)
2014-11-08 00:00:00
redhat
redhat
(RHSA-2014:1052) Moderate: openssl security update
2014-08-13 00:00:00
(RHSA-2014:1054) Moderate: openssl security update
2014-08-14 00:00:00
(RHSA-2015:0197) Moderate: rhevm-spice-client security and bug fix update
2014-07-25 00:00:00
oraclelinux
oraclelinux
openssl security update
2014-08-13 00:00:00
openssl security update
2014-08-13 00:00:00
openssl security update
2014-10-16 00:00:00
centos
centos
openssl security update
2014-08-13 20:10:43
openssl security update
2014-08-13 19:52:24
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:18.openssl
2014-09-09 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2014-08-12 13:16:46
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2014-08-06 00:00:00
aix
aix
AIX OpenSSL Denial of Service due to double free and others
2014-09-09 00:50:00
amazon
amazon
Medium: openssl
2014-08-07 12:26:00
slackware
slackware
[slackware-security] openssl
2014-08-08 21:22:00
huawei
huawei
Security Advisory-9 OpenSSL vulnerabilities on Huawei products
2014-10-08 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-08-07 00:00:00
osv
osv
openssl - security update
2014-08-07 00:00:00
debian
debian
[SECURITY] [DSA 2998-1] openssl security update
2014-08-06 23:44:13
[DLA 33-1] openssl security update
2014-08-07 20:36:09
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2014-08-07 00:00:00
Qualys Security Advisory - LibreSSL &#40;CVE-2015-5333 and CVE-2015-5334&#41;
2015-10-19 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
kaspersky
kaspersky
KLA10343 Multiple vulnerabilities in Stunnel
2014-08-07 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: mingw-openssl-1.0.1j-1.fc21
2015-01-02 05:06:53
[SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20
2014-08-09 07:36:05
[SECURITY] Fedora 19 Update: openssl-1.0.1e-39.fc19
2014-08-09 07:34:58
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1j-alt0.M70P.1
2014-10-31 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1j-alt1
2014-10-30 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2014-12-26 00:00:00
citrix
citrix
Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware
2016-09-08 04:00:00
suse
suse
Security update for compat-openssl097g (important)
2015-03-24 00:05:09
Security update for libopenssl0_9_8 (important)
2016-03-03 14:11:44
lenovo
lenovo
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON
Related for AC6A2C7A52D3380E3B9D10675F40A644BED6E1B0A83D2CFB4876B327FB11700E
ibm37cve3ubuntucve2prion3f54veracode2debiancve2openssl2openvas34nessus48redhat4oraclelinux8centos2freebsd_advisory1mageia1freebsd1aix1amazon1slackware1huawei1ubuntu1osv1debian2securityvulns3kaspersky1fedora8altlinux5gentoo1citrix1suse2lenovo2