7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.947 High
EPSS
Percentile
99.2%
OpenSSL vulnerabilities along with SSL 3 Fallback protection (TLS_FALLBACK_SCSV) were disclosed on October 15, 2014 by the OpenSSL Project. OpenSSL is used by IBM InfoSphere Master Data Management. IBM InfoSphere Master Data Management has addressed the applicable CVEs and included the SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV) provided by OpenSSL.
CVE-ID: CVE-2014-3513
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a memory leak in the DTLS Secure Real-time Transport Protocol (SRTP) extension parsing code. By sending multiple specially-crafted handshake messages, an attacker could exploit this vulnerability to exhaust all available memory of an SSL/TLS or DTLS server.
CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97035 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-3567
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a memory leak when handling failed session ticket integrity checks. By sending an overly large number of invalid session tickets, an attacker could exploit this vulnerability to exhaust all available memory of an SSL/TLS or DTLS server.
CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97036 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
These vulnerabilities are known to affect the following offerings:
·IBM Initiate Master Data Service versions 8.5, 9.0, 9.2, 9.5, 9.7, 10.0, 10.1 (impacts Master Data Engine component, Message Brokers component and Enterprise Integrator Toolkitcomponent)
·IBM Initiate Master Data Service Patient Hub versions 9.5, 9.7 (impacts Master Data Engine component, Message Brokers component and Enterprise Integrator Toolkitcomponent)
·IBM Initiate Master Data Service Provider Hub versions 9.5, 9.7 (impacts Master Data Engine component, Message Brokers component and Enterprise Integrator Toolkitcomponent)
·IBM InfoSphere Master Data Management Patient Hub version 10.0 (impacts Master Data Engine component, Message Brokers component and Enterprise Integrator Toolkitcomponent)
·IBM InfoSphere Master Data Management Provider Hub version 10.0 (impacts Master Data Engine component, Message Brokers component and Enterprise Integrator Toolkit component)
· IBM InfoSphere Master Data Management Standard/Advanced Edition version 11.0 (impacts Message Brokers component and Enterprise Integrator Toolkit component)
· IBM InfoSphere Master Data Management Standard/Advanced Edition version 11.3 (impacts Message Brokers component)
· IBM InfoSphere Master Data Management Standard/Advanced Edition version 11.4 (impacts Message Brokers component)
_For IBM Initiate Master Data Service V8.5: _
· Apply Fix 8.5.0.111414_IM_Initiate_MasterDataService_ALL_ifix from fix central.
_For IBM Initiate Master Data Service V9.0: _
· Apply Fix 9.0.0.111414_IM_Initiate_MasterDataService_ALL_ifix from fix central.
_For IBM Initiate Master Data Service V9.2: _
· Apply_ Fix 9.2.0.111414_IM_ Initiate_MasterDataService_ALL_ifix__ from fix central._
_For IBM Initiate Master Data Service V9.5: _
· Apply Fix 9.5.103114_IM_Initiate_MasterDataService_ALL_RefreshPack from fix central.
_For IBM Initiate Master Data Service Patient Hub V9.5: _
· Apply Fix 9.5.103114_IM_Initiate_Patient_ALL_RefreshPack from fix central.
_For IBM Initiate Master Data Service Provider Hub V9.5: _
· _Apply Fix 9.5.103114_IM_Initiate_Provider_ALL_RefreshPack from fix central. **
For IBM Initiate Master Data Service V9.7: _**
· Apply Fix 9.7.103114_IM_Initiate_MasterDataService_ALL_RefreshPack from fix central.
_For IBM Initiate Master Data Service Patient Hub V9.7: _
· Apply Fix 9.7.103114_IM_Initiate_Patient_ALL_RefreshPack from fix central.
_For IBM Initiate Master Data Service Provider Hub V9.7: _
· _Apply Fix 9.7.103114_IM_Initiate_Provider_ALL_RefreshPack from _fix central.
_For IBM Initiate Master Data Service V10.0: _
· Apply Fix 10.0.103114_IM_Initiate_MasterDataService_ALL_RefreshPack from fix central.
_For IBM InfoSphere Master Data Management Patient Hub V10.0: _
· Apply Fix 10.0.103114_IM_Initiate_Patient_ALL_RefreshPack from fix central.
_For IBM InfoSphere Master Data Management Provider Hub V10.0: _
· _Apply Fix 10.0.103114_IM_Initiate_Provider_ALL_RefreshPack from fix central. **
For IBM Initiate Master Data Service V10.1: _**
· _Apply Fix 10.1.103114_IM_Initiate_MasterDataService_ALL_RefreshPack from fix central. **
For IBM InfoSphere Master Data Management Standard/Advanced Edition V11.0: _**
· Apply Fix 11.0.0.2-MDM-SE-AE-FP02IF000_FC from fix central**.**
_For IBM InfoSphere Master Data Management Standard/Advanced Edition V11.3: _
· Apply Fix 11.3.0.1-MDM-SE-AE-FP01IF000_FC from fix central**.**
_For IBM InfoSphere Master Data Management Standard/Advanced Edition V11.4: _
· Apply Fix 11.4.0.0-MDM-IF001 fromfix central.
None known