7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability in GSKit component of IBM Tivoli Monitoring has been addressed.
CVEID: CVE-2016-2183**
DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116337 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Basic service module kdebe for IBM Tivoli Monitoring 622 through 622 Fix Pack 9, 623 through 623 Fix Pack 5 and 630 through 630 Fix Pack 7 is affected for the following components: TEMA(KAX/KGL), TEMS(KMS), TEPS(KCQ) and Automation Server(KAS)
The patches below update the TEMA(KAX/KGL), TEMS(KMS), TEPS(KCQ) and Automation Server(KAS) components which are shipped as part of ITM
The technote Upgrading Shared Components for IBM Tivoli Monitoring Agents provides information on updating Shared Libraries.
Fix | VRMF | How to acquire fix |
---|---|---|
6.3.0-TIV-ITM-FP0007-IV94012 | 6.3.0 | http://www.ibm.com/support/docview.wss?uid=swg24043547 |
6.2.3-TIV-ITM-FP0005-IV94012 | 6.2.3 | |
6.2.2-TIV-ITM-FP0009-IV94012 | 6.2.2 |
None
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N