Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project.
CVE-ID:CVE-2014-0224
**DESCRIPTION:**OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic.
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93586 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
IBM Netezza Platform Software 6.0.8.17 and earlier
IBM Netezza Platform Software 7.0.2.13 and earlier
IBM Netezza Platform Software 7.0.4.5 and earlier
IBM Netezza Platform Software 7.1.0.2 and earlier
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Netezza Platform Software| 6.0.8.17-P1| (Link to fix pack)
IBM Netezza Platform Software| 7.0.2.13-P1| (Link to fix pack)
IBM Netezza Platform Software| 7.0.4.5-P1| (Link to fix pack)
IBM Netezza Platform Software| 7.1.0.2-P1| (Link to fix pack)
None known