Oct 24, 2019 - 9:50 p.m.

Security Bulletin: Vulnerabilities in GSKit affect IBM Rational RequisitePro (CVE-2015-0159)

2019-10-24 21:50:51
www.ibm.com

Summary

GSKit is an IBM component that is used by IBM Rational RequisitePro. The GSKit that is shipped with Rational contains a security vulnerability and RequisitePro has addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2015-0159
DESCRIPTION: An unspecified error in GSKit usage of OpenSSL crypto function related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact in some ECC operations.
CVSS Base Score: 2.6
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100835 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Version | Status
—|—
7.1.4 through 7.1.4.6 | Affected
7.1.3 through 7.1.3.13 | Affected

RequisitePro uses the GSKit for secure LDAP connections and for password generation.

Remediation/Fixes

Affected version | Applying the fix
—|—
7.1.4.x | Install Rational RequisitePro Fix Pack 7 (7.1.4.7) for 7.1.4
7.1.3.x | Install Rational RequisitePro Fix Pack 14 (7.1.3.14) for 7.1.3

Workarounds and Mitigations

None
