History: Jun 16, 2018 - 10:03 p.m.

Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in libtasn1 (CVE-2015-2806, CVE-2015-3622)

2018-06-16 22:03:36
www.ibm.com

EPSS: 0.924 (Percentile: 99.0%)

Summary

IBM Security Access Manager has addressed these vulnerabilities, which affect the IBM Security Access Manager appliances.

Vulnerability Details

CVEID: CVE-2015-3622
DESCRIPTION: GNU Libtasn1 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the _asn1_extract_der_octet() function. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102782 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-2806
DESCRIPTION: An unspecified error in libtasn1 related to asn1_der_decoding has an unknown impact and attack vector.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102548 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions

Affected IBM Security Access Manager Appliance | Affected Versions
---|---
IBM Security Access Manager | 9.0.3.0

Remediation/Fixes

Product | VRMF | APAR | Remediation / First Fix
---|---|---|---
IBM Security Access Manager | 9.0.3.0 | IJ00234 | Upgrade to 9.0.3.1: 9.0.3-ISS-ISAM-FP0001

Workarounds and Mitigations

None.

CPE

Name | Operator | Version
---|---|---
ibm security access manager | eq | 9.0.3