Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBEC8DD5A4460317E66B11DDCABEE5A8CD1A9D8D6F10837571E0C583ABB29DA65
HistoryJun 15, 2018 - 7:08 a.m.

Security Bulletin: API Connect is affected by weaker than expected cryptographic algorithm usage vulnerability (CVE-2018-1385)

2018-06-1507:08:51
www.ibm.com
8
JSON

Summary

API Connect has addressed the following vulnerability.

IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Vulnerability Details

CVEID:CVE-2018-1385**
DESCRIPTION: *IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138144 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected API Connect

|

Affected Versions

—|—
IBM API Connect| 5.0.0.0-5.0.6.5
IBM API Connect| 5.0.7.0-5.0.7.2
IBM API Connect| 5.0.8.0-5.0.8.1

Remediation/Fixes

Affected Product

| Addressed in VRMF|APAR|Remediation/First Fix
—|—|—|—
IBM API Connect

V5.0.0.0 - 5.0.6.5| 5.0.8.2| LI79882| Addressed in IBM API Connect V5.0.8.2 to allow configuration of cipher suites.

Follow this link and find the “APIConnect_Management” package.

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.1&platform=All&function=all

It is recommended to upgrade to 5.0.8.2 for remediation. If desire to remediate on 5.0.6.5 version, contact IBM Support for assistance.

After upgrade to 5.0.8.2, see <https://www.ibm.com/support/knowledgecenter/en/SSMNED_5.0.0/com.ibm.apic.cmc.doc/task_cmc_ciphers.html&gt; for instructions on setting the ciphers for a TLS server profile.
IBM API Connect

V5.0.7.0 - 5.0.7.2| 5.0.8.2| LI79882| Addressed in IBM API Connect V5.0.8.2 to allow configuration of cipher suites.

Follow this link and find the “APIConnect_Management” package.

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.1&platform=All&function=all

After upgrade to 5.0.8.2, see <https://www.ibm.com/support/knowledgecenter/en/SSMNED_5.0.0/com.ibm.apic.cmc.doc/task_cmc_ciphers.html&gt; for instructions on setting the ciphers for a TLS server profile.
IBM API Connect

V5.0.8.0 - 5.0.8.1| 5.0.8.2| LI79882| Addressed in IBM API Connect V5.0.8.2 to allow configuration of cipher suites.

Follow this link and find the “APIConnect_Management” package.

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.1&platform=All&function=all

After upgrade to 5.0.8.2, see <https://www.ibm.com/support/knowledgecenter/en/SSMNED_5.0.0/com.ibm.apic.cmc.doc/task_cmc_ciphers.html&gt; for instructions on setting the ciphers for a TLS server profile.

Related

cve 1
cve
cve
CVE-2018-1385
2023-02-21 01:53:03
JSON
Related for BEC8DD5A4460317E66B11DDCABEE5A8CD1A9D8D6F10837571E0C583ABB29DA65
cve1