2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVEID: CVE-2013-0169
Description:
A weakness in the handling of CBC cipher suites in SSL, TLS and DTLS exploits timing differences arising during MAC processing. OpenSSL versions affected include 1.0.1c, 1.0.0j and 0.9.8x.
Note: This vulnerability is only partially mitigated when OpenSSL is used in conjunction with the OpenSSL FIPS Object Module and the FIPS mode of operation is enabled.
CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81902> for the current score. *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
IBM Rational Build Forge version 8.0 and all earlier versions.
Upgrade to Rational Build Forge Fix Pack 1 (8.0.0.1) for 8.0
None
CPE | Name | Operator | Version |
---|---|---|---|
rational build forge | eq | 7.0.2 | |
rational build forge | eq | 7.1 | |
rational build forge | eq | 8.0 |