Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAEA9186AAE3F26B06583CD167C84248C6540B24189EEC7058E5A70A44891CC48
HistoryJan 31, 2019 - 1:55 a.m.

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware. (CVE-2015-2808)

2019-01-3101:55:01
www.ibm.com
8

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Summary

The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware.

Vulnerability Details

Summary

The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware.

Vulnerability Details

CVE-ID: CVE-2015-2808

Description: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials without requiring an active man-in-the-middle session. Successful exploitation could allow an attacker to retrieve credit card data or other sensitive information. This vulnerability is commonly referred to as “Bar Mitzvah Attack”.

CVSS Base Score: 5
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/101851&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected products and versions

IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware versions 9.1.0.xx, 9.1.1.xx, 9.1.2.xx, and 9.1.3.xx.

Remediation/Fixes

Firmware updates are available at IBM Fix Central: <http://www.ibm.com/support/fixcentral/&gt;.

It is recommended to apply the following fix for IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware: qlgc_fw_flex_9.1.5.03.00_anyos_noarch version 9.1.5.03.00 (or a later version).

Workarounds and Mitigations

None.

Reference

Related Information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Subscribe to Security Bulletins

Acknowledgement

None.

Change History
05 May 2015: Original Copy Published

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related

ibm 174
nessus 12
f5 2
openvas 3
veracode 1
huawei 1
prion 1
cve 1
debiancve 1
ubuntucve 1
aix 1
checkpoint_advisories 1
ibm
ibm
Security Bulletin:Vulnerability in RC4 stream cipher affects IBM WebSphere Cast Iron Solution (CVE-2015-2808)
2018-06-15 07:02:58
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Network Advisor (CVE-2015-2808)
2018-06-18 00:09:56
Security Bulletin:A security vulnerability has been identified in Tivoli Network Manager IP Edition and IBM WebSphere Application Server shipped with Tivoli Network Manager IP Edition. (CVE-2015-2808)
2018-06-17 15:09:03
nessus
nessus
F5 Networks BIG-IP : SSL/TLS RC4 vulnerability (K16864) (Bar Mitzvah)
2015-09-18 00:00:00
Atlassian JIRA < 6.4.10 / 7.0.0-OD-02 MitM Plaintext Disclosure (Bar Mitzvah)
2015-12-07 00:00:00
AIX 6.1 TL 9 : bos.net.tcp.server (U863668) (Bar Mitzvah)
2015-12-04 00:00:00
f5
f5
K16864 : SSL/TLS RC4 vulnerability CVE-2015-2808
2015-08-17 00:00:00
SOL16864 - SSL/TLS RC4 vulnerability CVE-2015-2808
2015-07-08 00:00:00
openvas
openvas
F5 BIG-IP - SSL/TLS RC4 vulnerability CVE-2015-2808
2015-09-18 00:00:00
SSL/TLS: Report Weak Cipher Suites
2012-03-01 00:00:00
HPE Network Products Multiple Remote Vulnerabilities
2016-11-25 00:00:00
veracode
veracode
Information Disclosure
2019-05-02 05:39:15
huawei
huawei
Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products
2015-09-19 00:00:00
prion
prion
Design/Logic Flaw
2015-04-01 02:00:00
cve
cve
CVE-2015-2808
2015-04-01 02:00:00
debiancve
debiancve
CVE-2015-2808
2015-04-01 02:00:00
ubuntucve
ubuntucve
CVE-2015-2808
2015-03-31 00:00:00
aix
aix
Vulnerability in RC4 stream cipher affects AIX,Vulnerability in RC4 stream cipher affects ftpd/sendmail_ssl/imapd/popd on AIX,Vulnerability in RC4 stream cipher affects ftpd/sendmail_ssl/imapd/popd on VIOS
2015-04-27 15:27:04
checkpoint_advisories
checkpoint_advisories
Weak SSL RC4 Cipher Suites (CVE-2013-2566; CVE-2015-2808)
2015-05-17 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON
Related for AEA9186AAE3F26B06583CD167C84248C6540B24189EEC7058E5A70A44891CC48
ibm174nessus12f52openvas3veracode1huawei1prion1cve1debiancve1ubuntucve1aix1checkpoint_advisories1