Lucene search

K
ibmIBMB2A692687E0D397416E3549B4377E5B3319BF086A451607250B307F6DEECCF53
HistoryJun 17, 2018 - 4:47 a.m.

Security Bulletin: Rational Build Forge Security Advisory (CVE-2013-0169)

2018-06-1704:47:31
www.ibm.com
17

0.005 Low

EPSS

Percentile

77.3%

Summary

SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

  • Follow this link for more information (requires login with your IBM ID)
    —|—

CVEID: CVE-2013-0169

Description:
A weakness in the handling of CBC cipher suites in SSL, TLS and DTLS exploits timing differences arising during MAC processing. OpenSSL versions affected include 1.0.1c, 1.0.0j and 0.9.8x.

Note: This vulnerability is only partially mitigated when OpenSSL is used in conjunction with the OpenSSL FIPS Object Module and the FIPS mode of operation is enabled.

CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81902&gt; for the current score. *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM Rational Build Forge version 8.0 and all earlier versions.

Remediation/Fixes

Upgrade to Rational Build Forge Fix Pack 1 (8.0.0.1) for 8.0

Workarounds and Mitigations

None