7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project.
CVE-ID:CVE-2014-0224
**DESCRIPTION:**OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic.
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93586 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
IBM Sterling Connect:Direct for UNIX 4.0.00
· All versions prior to 4.0.00 iFix 112
IBM Sterling Connect:Direct for UNIX 4.1.0
· All versions prior to 4.1.0.4 iFix 27
The recommended solution is to apply the fix as soon as practical. Please see below for information about the available fixes.
Fixes for users who are not running Connect:Direct in FIPS mode on HP-UX VRMF | APAR | Remediation/First Fix |
---|---|---|
4.0.00 | IT02558 | Apply 4.0.00 iFix 112, available on IWM |
4.1.0 | IT02558 | Apply 4.1.0.4 iFix 27, available on Fix Central |
Alternatively, upgrade to 4.2.0, which is not affected by the vulnerability. |
Remediation for users who are running Connect:Direct in FIPS mode on HP-UX
Applying the iFixes listed in the table above on HP-UX (PA-RISC and Itanium) invalidates the FIPS mode of operation. Customers who run Connect:Direct on HP-UX in FIPS mode must upgrade to 4.2.0.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm sterling connect:direct for unix | eq | 4.1 | |
ibm sterling connect:direct for unix | eq | 4.0 |
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N