Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBA23DCD69B7D7B2ABD29A595E6EFF4BC0D7E0DF30561B219A131FBFA3EF8F550
HistoryJun 17, 2018 - 2:59 p.m.

Security Bulletin: Vulnerability with RSA Export Keys may affect IBM WebSphere Application Server shipped with IBM Tivoli Network Performance Manager (CVE-2015-0138)

2018-06-1714:59:15
www.ibm.com
4

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Summary

The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability (CVE-2015-0138) may affect some configurations of IBM WebSphere Application Server Full Profile shipped with IBM Tivoli Network Performance Manager

Vulnerability Details

CVEID: CVE-2015-0138**
DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.

This vulnerability is also known as the FREAK attack.

CVSS Base Score: 4.3
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Affected Product and Version(s)

| Product and Version shipped as component
—|—
Tivoli Network Performance Manager 1.4| Bundled the Jazz for Service Management version 1.1.0.2, IBM WebSphere version 8.5.0.1 and the JRE from IBM SDK Java 2 Technology Edition Version 7.
Tivoli Network Performance Manager 1.3.3| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6.
Tivoli Network Performance Manager 1.3.2| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6.
Tivoli Network Performance Manager 1.3.1| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6.

Remediation/Fixes

Apply workaround and mitigation in Vulnerability with RSA Export Keys may affect IBM WebSphere Application Server (CVE-2015-0138)

Related

ibm 142
aix 1
nessus 24
prion 1
cve 1
openvas 12
suse 8
kaspersky 1
redhat 5
veracode 4
ibm
ibm
Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM MQ Light (CVE-2015-0138)
2018-06-15 07:02:43
Security Bulletin: Vulnerability in IBM Java SDK affects Rational Functional Tester (CVE-2015-0138)
2018-09-29 20:06:32
Security Bulletin: Vulnerability in IBM Java SDK affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-0138)
2018-06-15 07:02:50
aix
aix
AIX IBM SDK Java JSSE vulnerability
2015-04-13 12:11:24
nessus
nessus
IBM HTTP Server 8.5.0.0 <= 8.5.5.5 / 8.0.0.0 <= 8.0.0.10 / 7.0.0.0 <= 7.0.0.37 / 6.1.0.0 <= 6.1.0.47 / 6.0.0.0 <= 6.0.2.43 (257477)
2020-12-15 00:00:00
AIX Java Advisory : Multiple Vulnerabilities (Bar Mitzvah)
2015-04-30 00:00:00
IBM DB2 10.5 < Fix Pack 6 Multiple Vulnerabilities (Bar Mitzvah)
2016-04-15 00:00:00
prion
prion
Design/Logic Flaw
2015-03-25 01:59:00
cve
cve
CVE-2015-0138
2015-03-25 01:59:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:1073-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1085-1)
2021-06-09 00:00:00
SUSE: Security Advisory for IBM Java (SUSE-SU-2015:1086-1)
2015-10-16 00:00:00
suse
suse
Security update for java-1_7_0-ibm (important)
2015-06-16 22:06:38
Security update for IBM Java (important)
2015-06-18 16:05:20
Security update for IBM Java (important)
2015-06-22 16:04:54
kaspersky
kaspersky
KLA10503 Multiple vulnerabilities in IBM products
2015-03-24 00:00:00
redhat
redhat
(RHSA-2015:1021) Important: java-1.5.0-ibm security update
2015-05-20 00:00:00
(RHSA-2015:1091) Low: Red Hat Satellite IBM Java Runtime security update
2015-06-11 00:00:00
(RHSA-2015:1020) Critical: java-1.7.1-ibm security update
2015-05-20 00:00:00
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 05:39:14
Sandbox Restrictions Bypass
2019-05-02 05:39:14
Insecure TLS Configurations
2019-05-02 05:39:14

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON
Related for BA23DCD69B7D7B2ABD29A595E6EFF4BC0D7E0DF30561B219A131FBFA3EF8F550
ibm142aix1nessus24prion1cve1openvas12suse8kaspersky1redhat5veracode4