Jun 15, 2018 - 7:04 a.m.

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM API Management (CVE-2015-7575)

2018-06-15 07:04:56
www.ibm.com

EPSS: 0.003 (Low), percentile 69.2%

Summary

The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM API Management.

Vulnerability Details

CVEID: CVE-2015-7575

DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials.

CVSS Base Score: 7.1

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109415 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)
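
The description above turns on which hash is named in the signed ServerKeyExchange message. The following is an added example, not code from IBM or from the bulletin: a small Python parser that reads the SignatureAndHashAlgorithm bytes from a TLS 1.2 ServerKeyExchange and flags MD5. It assumes a named-curve ECDHE key exchange; the function names are illustrative and the sample messages are constructed with placeholder key and signature bytes.

```python
import struct

# TLS 1.2 SignatureAndHashAlgorithm registries (RFC 5246, section 7.4.1.4.1)
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
WEAK_HASHES = {"md5"}  # the hash this bulletin is about


def parse_ske_signature_algorithm(handshake: bytes):
    """Return (hash_name, sig_name) from a TLS 1.2 ECDHE ServerKeyExchange.

    `handshake` is the handshake message: type(1) length(3) body.
    """
    if len(handshake) < 4 or handshake[0] != 12:  # 12 = server_key_exchange
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated message")
    # ServerECDHParams: curve_type(1) named_curve(2) point_len(1) point
    if len(body) < 4 or body[0] != 3:  # 3 = named_curve
        raise ValueError("only named-curve ECDHE is handled in this example")
    off = 4 + body[3]
    # SignatureAndHashAlgorithm(2) + signature length(2) + signature
    if len(body) < off + 4:
        raise ValueError("missing signature block")
    hash_id, sig_id, sig_len = struct.unpack_from("!BBH", body, off)
    if len(body) != off + 4 + sig_len:
        raise ValueError("signature length mismatch")
    return HASH_NAMES.get(hash_id, f"unknown({hash_id})"), SIG_NAMES.get(sig_id, f"unknown({sig_id})")


def uses_weak_hash(handshake: bytes) -> bool:
    return parse_ske_signature_algorithm(handshake)[0] in WEAK_HASHES


def build_sample(hash_id: int, sig_id: int) -> bytes:
    """Constructed sample message (dummy key and signature bytes, not a capture)."""
    point = b"\x04" + b"\x11" * 64                 # placeholder secp256r1 point
    params = b"\x03\x00\x17" + bytes([len(point)]) + point
    sig = b"\x22" * 8                              # placeholder signature
    body = params + bytes([hash_id, sig_id]) + struct.pack("!H", len(sig)) + sig
    return b"\x0c" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    for name, msg in (("md5/rsa", build_sample(1, 1)), ("sha256/rsa", build_sample(4, 1))):
        print(name, parse_ske_signature_algorithm(msg), "WEAK" if uses_weak_hash(msg) else "ok")
```
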

Affected Products and Versions

IBM API Management V4.0

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM API Management | 4.0.0 | LI78931 | http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+API+Management&release=4.0.4.0&platform=All&function=all

Workarounds and Mitigations

None

CPE Name | Operator | Version
---|---|---
ibm api management | eq | 4.0