IBMBCB02255385999D6A79CA098E1DAED7D13A3ED93999DA6C224FC3B39CA7C3CCFSecurity Bulletin: Denial of service vulnerability in OpenSSL affects IBM InfoSphere Master Data Management (CVE-2016-8610)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.202 Low
EPSS
Percentile
96.3%
Summary
IBM Initiate Master Data Service and IBM InfoSphere Master Data Management are vulnerable to a OpenSSL denial of service attack and could cause the application to stop responding.
Vulnerability Details
CVEID: CVE-2016-8610**
DESCRIPTION:** SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL handshake. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause the application to stop responding.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118296 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
This vulnerability is known to affect the following offerings:
IBM Initiate Master Data Service versions 10.0 and 10.1
IBM InfoSphere Master Data Management Standard/Advanced Edition version 11.0, 11.3, 11.4, 11.5, and 11.6.
Remediation/Fixes
The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.
| Product**** | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| IBM Initiate Master Data Service |
10.0
| None| 10.0.042517_IM_Initiate_MasterDataService_ALL_InterimFix
IBM InfoSphere Master Data Management Patient Hub |
10.0
| None| 10.0.042517_IM_Initiate_Patient_ALL_InterimFix
IBM InfoSphere Master Data Management Provider Hub |
10.0
| None| 10.0.042517_IM_Initiate_Provider_ALL_InterimFix
IBM Initiate Master Data Service|
10.1
| None| 10.1.042517_IM_Initiate_MasterDataService_ALL_InterimFix
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.0
| None| 11.0.0.6-MDM-SAE-FP06IF002
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.3
| None| 11.3.0.5-MDM-SE-AE-FP05IF005
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.4
| None| 11.4.0.7-MDM-SE-AE-FP07IF000
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.5
| None| 11.5.0.4-MDM-SE-AE-FP04IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.6
| None| 11.6.0.1-MDM-SAE-IF001
Workarounds and Mitigations
None
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.202 Low
EPSS
Percentile
96.3%