IBMDBE2C597A340BB7900131FBD56B9725ABD555479F4A26F00BC0341CBA4E926B2Security Bulletin: Rational Insight is affected by OpenSSL vulnerability (CVE-2014-0224)
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
Summary
A security vulnerability has been discovered in OpenSSL (shipped with IBM Rational Insight) that was reported on June 5, 2014 by the OpenSSL Project. A newer version of this library in made available for resolving this vulnerability.
Vulnerability Details
| Subscribe to My Notifications to be notified of important product support alerts like this.
- Follow this link for more information (requires login with your IBM ID)
—|—
CVE ID: CVE-2014-0224
**Description:**OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic.
CVSS Base Score: 5.8 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93586> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Affected Products and Versions
Rational Insight 1.0.1, 1.0.1 iFix1, 1.0.1.1, 1.1, 1.1.1, 1.1.1.1, 1.1.1.2, 1.1.1.3 and 1.1.1.4
Remediation/Fixes
The recommended solution is to apply the recommended fixes to all affected versions of Rational Insight as soon as practical.
Rational Insight 1.0.1, 1.0.1 iFix1 and 1.0.1.1
- Download and install the Cognos Business Intelligence 8.4.1 Interim Fix 6. Review document 4037867: Cognos Business Intelligence 8.4.1 interim fixes address a security vulnerability for the detailed instructions.
Rational Insight 1.1, 1.1.1, 1.1.1.1 and 1.1.1.2
- Download and install the Cognos Business Intelligence 10.1.1 Interim Fix 7. Review document 4037974: Cognos Business Intelligence 10.1.x interim fixes address a security vulnerability for the detailed instructions.
Note: The Cognos fix package is installed into thecognos subdirectory of the Insight installation.
Rational Insight 1.1.1.3****and 1.1.1.4
- Download and install the Cognos Business Intelligence 10.2.1 Interim Fix 6. Review document 4037870: Cognos Business Intelligence 10.2.x interim fixes address a security vulnerability for the detailed instructions.
Note: The Cognos fix package is installed into thecognos subdirectory of the Insight installation.
Workarounds and Mitigations
None
Related
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N