Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME0A58ED8F9D2EAC5F3D7B7629F5373292F4D9CAE0E0ACB4EFB9DF940BFA17EC8
HistorySep 25, 2022 - 11:13 p.m.

Security Bulletin: IBM InfoSphere Balanced Warehouse C3000, C4000 and D5100 and IBM Smart Analytics System 1050, 2050, 5600 and 5710 are affected by vulnerabilities in OpenSSL

2022-09-2523:13:40
www.ibm.com
14

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

JSON

Abstract

A number of security vulnerabilities have been identified in the OpenSSL libraries that are part of the operating system software included with the vulnerable systems.

Content

VULNERABILITY DETAILS

CVE IDs:

CVE-2012-2131, CVE-2012-2110, CVE-2012-0884, CVE-2012-0050, CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-3210, CVE-2011-0014, CVE-2010-3864

DESCRIPTION:

The IBM Smart Analytics System 1050, IBM Smart Analytics System 2050, IBM InfoSphere Balanced Warehouse C Class for Linux, IBM InfoSphere Balanced Warehouse D5100, IBM Smart Analytics 5600 systems, and IBM Smart Analytics 5710 systems are shipped with SuSE Linux Enterprise Server Edition operating system software. A number of security vulnerabilities have been identified in the OpenSSL libraries that are part of the operating system software. See the references section for links to the description of each individual vulnerability.

CVE-2012-2131
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/75099&gt; for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2012-2110
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/74926&gt; for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2012-0884
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73916&gt;[](&lt;https://exchange.xforce.ibmcloud.com/vulnerabilities/74926&gt;) for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2012-0050
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/72458&gt;[](&lt;https://exchange.xforce.ibmcloud.com/vulnerabilities/74926&gt;) for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2011-4108
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/72128&gt;[](&lt;https://exchange.xforce.ibmcloud.com/vulnerabilities/74926&gt;) for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE-2011-4576
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/72130&gt;[](&lt;https://exchange.xforce.ibmcloud.com/vulnerabilities/74926&gt;) for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2011-4577

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/72131&gt;[](&lt;https://exchange.xforce.ibmcloud.com/vulnerabilities/74926&gt;) for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2011-4619

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/72132&gt;[](&lt;https://exchange.xforce.ibmcloud.com/vulnerabilities/74926&gt;) for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2011-3210
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/69614&gt;[](&lt;https://exchange.xforce.ibmcloud.com/vulnerabilities/74926&gt;) for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2011-0014
CVSS Base Score: 5.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/68221&gt;[](&lt;https://exchange.xforce.ibmcloud.com/vulnerabilities/74926&gt;) for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:P)

CVE-2010-3864
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/63293&gt;[](&lt;https://exchange.xforce.ibmcloud.com/vulnerabilities/74926&gt;) for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

AFFECTED PRODUCTS AND VERSIONS:

IBM InfoSphere Balanced Warehouse C3000
IBM InfoSphere Balanced Warehouse C4000
IBM InfoSphere Balanced Warehouse D5100
IBM Smart Analytics System 1050 for Linux
IBM Smart Analytics System 2050 for Linux
IBM Smart Analytics System 5600 V1
IBM Smart Analytics System 5600 V2
IBM Smart Analytics System 5710

REMEDIATION:

FIXES:

Find your product in the table below and use the link in the third column to find the patch provided by Novell. Previously supported Balanced Warehouse environments not listed below require additional investigation to determine vulnerability and the appropriate remediation. Access to the patches on the Novell site is restricted and requires a valid Novell license and ID.

Product Operating System Patch Link
IBM Smart Analytics System 1050 for Linux
IBM Smart Analytics System 2050 for Linux SuSE Enterprise Server 11 SP1 64-bit Patch 6245
IBM InfoSphere Balanced Warehouse D5100
IBM Smart Analytics System 5600 V1
IBM Smart Analytics System 5600 V2
IBM InfoSphere Balanced Warehouse C3000
IBM InfoSphere Balanced Warehouse C4000 SuSE Enterprise Server 10 SP4 64-bit Patch 8112
IBM Smart Analytics System 5710 SuSE Enterprise Server 11 SP2 64-bit Patch 6245

WORKAROUND(S):

None.

MITIGATION(S):

None.

REFERENCES:

RELATED INFORMATION:

_IBM Secure Engineering Web Portal _
IBM Product Security Incident Response Blog

ACKNOWLEDGEMENT:

None.

CHANGE HISTORY:
January 18, 2013: Document created.

_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _

Note:_ According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._

[{“Product”:{“code”:“SSKT3D”,“label”:“IBM Smart Analytics System”},“Business Unit”:{“code”:“BU050”,“label”:“BU NOT IDENTIFIED”},“Component”:“IBM Smart Analytics System 5600”,“Platform”:[{“code”:“PF016”,“label”:“Linux”}],“Version”:“9.5;9.7”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}},{“Product”:{“code”:“SSKT3D”,“label”:“IBM Smart Analytics System”},“Business Unit”:{“code”:“BU050”,“label”:“BU NOT IDENTIFIED”},“Component”:“IBM Smart Analytics System 1050”,“Platform”:[{“code”:“PF016”,“label”:“Linux”}],“Version”:“”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}},{“Product”:{“code”:“SSKT3D”,“label”:“IBM Smart Analytics System”},“Business Unit”:{“code”:“BU050”,“label”:“BU NOT IDENTIFIED”},“Component”:“IBM Smart Analytics System 2050”,“Platform”:[{“code”:“PF016”,“label”:“Linux”}],“Version”:“”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}},{“Product”:{“code”:“SSFVXC”,“label”:“InfoSphere Balanced Warehouse”},“Business Unit”:{“code”:“BU053”,“label”:“Cloud \u0026 Data Platform”},“Component”:“Balanced Warehouse D Class - D5100”,“Platform”:[{“code”:“”,“label”:“”}],“Version”:“”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}},{“Product”:{“code”:“SSFVXC”,“label”:“InfoSphere Balanced Warehouse”},“Business Unit”:{“code”:“BU053”,“label”:“Cloud \u0026 Data Platform”},“Component”:“Balanced Warehouse C Class - C3000”,“Platform”:[{“code”:“PF016”,“label”:“Linux”}],“Version”:“”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}},{“Product”:{“code”:“SSFVXC”,“label”:“InfoSphere Balanced Warehouse”},“Business Unit”:{“code”:“BU053”,“label”:“Cloud \u0026 Data Platform”},“Component”:“Balanced Warehouse C Class - C4000”,“Platform”:[{“code”:“”,“label”:“”}],“Version”:“”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}},{“Product”:{“code”:“SSKT3D”,“label”:“IBM Smart Analytics System”},“Business Unit”:{“code”:“BU050”,“label”:“BU NOT IDENTIFIED”},“Component”:“IBM Smart Analytics System 5710”,“Platform”:[{“code”:“PF016”,“label”:“Linux”}],“Version”:“”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}}]

Related

oraclelinux 4
openvas 66
ibm 8
nessus 54
amazon 1
fedora 7
centos 3
redhat 7
osv 3
gentoo 1
suse 7
aix 1
freebsd_advisory 1
freebsd 3
ubuntu 2
securityvulns 7
debian 4
cert 1
debiancve 2
prion 2
openssl 2
checkpoint_security 1
ubuntucve 2
cve 2
f5 2
altlinux 5
rosalinux 1
oraclelinux
oraclelinux
openssl security update
2012-01-24 00:00:00
openssl security update
2012-01-24 00:00:00
openssl security update
2012-02-01 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2012-0059)
2015-10-06 00:00:00
RedHat Update for openssl RHSA-2012:0059-01
2012-07-09 00:00:00
RedHat Update for openssl RHSA-2012:0059-01
2012-07-09 00:00:00
ibm
ibm
Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL versions prior to 1.0.0
2022-09-25 23:13:40
Security Bulletin: IBM Sterling Connect:Enterprise for UNIX is affected by multiple vulnerabilities in OpenSSL
2022-09-25 20:45:36
Security Bulletin: Storage HMC OpenSSL upgrade to address cryptographic vulnerabilities.
2018-06-18 00:07:41
nessus
nessus
Fedora 16 : openssl-1.0.0f-1.fc16 (2012-0232)
2012-01-11 00:00:00
Oracle Linux 6 : openssl (ELSA-2012-0059)
2013-07-12 00:00:00
Amazon Linux AMI : openssl (ALAS-2012-38)
2013-09-04 00:00:00
amazon
amazon
Medium: openssl
2012-02-02 14:24:00
fedora
fedora
[SECURITY] Fedora 16 Update: openssl-1.0.0f-1.fc16
2012-01-11 06:13:34
[SECURITY] Fedora 15 Update: openssl-1.0.0f-1.fc15
2012-01-15 20:10:09
[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1c-1.fc18
2012-11-23 07:52:37
centos
centos
openssl security update
2012-01-30 20:25:59
openssl security update
2012-01-24 21:54:22
openssl security update
2012-02-01 22:15:00
redhat
redhat
(RHSA-2012:0059) Moderate: openssl security update
2012-01-24 00:00:00
(RHSA-2012:1308) Important: openssl security update
2012-09-24 15:54:31
(RHSA-2012:1307) Important: openssl security update
2012-09-24 15:53:22
osv
osv
openssl - multiple
2012-04-24 00:00:00
openssl - incomplete fix
2012-04-24 00:00:00
openssl - several
2012-01-15 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2012-03-06 00:00:00
suse
suse
Security update for OpenSSL (important)
2012-01-16 17:08:28
openssl: fixing various security issues (important)
2012-01-16 17:08:14
Security update for openssl (important)
2012-05-30 23:08:17
aix
aix
Multiple OpenSSL vulnerabilities
2012-03-21 13:02:49
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:01.openssl
2012-05-30 00:00:00
freebsd
freebsd
FreeBSD -- OpenSSL multiple vulnerabilities
2012-05-03 00:00:00
OpenSSL -- multiple vulnerabilities
2012-01-04 00:00:00
OpenSSL -- DTLS Denial of Service
2012-01-18 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2012-02-09 00:00:00
OpenSSL vulnerability
2012-04-24 00:00:00
securityvulns
securityvulns
[security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator &#40;OA&#41;, Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service &#40;DoS&#41;
2012-06-17 00:00:00
HP Onboard Administrator multiple security vulnerabilities
2012-06-17 00:00:00
[SECURITY] [DSA 2454-1] openssl security update
2012-04-22 00:00:00
debian
debian
[SECURITY] [DSA 2454-1] openssl security update
2012-04-19 21:21:20
[SECURITY] [DSA 2454-2] openssl incomplete fix
2012-04-25 02:03:10
[SECURITY] [DSA 2390-1] openssl security update
2012-01-15 20:23:09
cert
cert
Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL
2013-03-18 00:00:00
debiancve
debiancve
CVE-2012-2131
2012-04-24 20:55:00
CVE-2012-0050
2012-01-19 19:55:00
prion
prion
Integer overflow
2012-04-24 20:55:00
Design/Logic Flaw
2012-01-19 19:55:00
openssl
openssl
Vulnerability in OpenSSL CVE-2012-2131
2012-04-24 00:00:00
Vulnerability in OpenSSL CVE-2012-0050
2012-01-04 00:00:00
checkpoint_security
checkpoint_security
Check Point response to OpenSSL ASN1 BIO vulnerability (CVE-2012-2110, CVE-2012-2131)
2012-04-19 21:00:00
ubuntucve
ubuntucve
CVE-2012-2131
2012-04-24 00:00:00
CVE-2012-0050
2012-01-19 00:00:00
cve
cve
CVE-2012-2131
2012-04-24 20:55:00
CVE-2012-0050
2012-01-19 19:55:00
f5
f5
K15417 : OpenSSL vulnerability CVE-2012-0050
2014-08-14 00:00:00
SOL15417 - OpenSSL vulnerability CVE-2012-0050
2014-07-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0h-alt1
2012-03-23 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 1.0.0h-alt1
2012-03-23 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.0h-alt1
2012-03-23 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1939
2021-07-02 17:38:47

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

JSON
Related for E0A58ED8F9D2EAC5F3D7B7629F5373292F4D9CAE0E0ACB4EFB9DF940BFA17EC8
oraclelinux4openvas66ibm8nessus54amazon1fedora7centos3redhat7osv3gentoo1suse7aix1freebsd_advisory1freebsd3ubuntu2securityvulns7debian4cert1debiancve2prion2openssl2checkpoint_security1ubuntucve2cve2f52altlinux5rosalinux1