GSKit is an IBM component that is used by IBM Rational RequisitePro. The GSKit that is shipped with Rational contains a security vulnerability and RequisitePro has addressed the applicable CVE.
CVEID: CVE-2015-0159
DESCRIPTION: An unspecified error in GSKit usage of OpenSSL crypto function related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact in some ECC operations.
CVSS Base Score: 2.6
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100835 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Version | Status
---|---
7.1.4 through 7.1.4.6 | Affected
7.1.3 through 7.1.3.13 | Affected
RequisitePro uses the GSKit for secure LDAP connections and for password generation.
Affected version | Applying the fix
---|---
7.1.4.x | Install Rational RequisitePro Fix Pack 7 (7.1.4.7) for 7.1.4
7.1.3.x | Install Rational RequisitePro Fix Pack 14 (7.1.3.14) for 7.1.3
None