4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
There is a vulnerability in OpenSSL that is used by IBM WebSphere MQ - Advanced Message Security. This issue was disclosed on August 6, 2014 by the OpenSSL project.
CVE-ID: CVE-2014-3508
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in OBJ_obj2txt. If applications echo pretty printing output, an attacker could exploit this vulnerability to read information from the stack.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95165> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
IBM WebSphere MQ - Advanced Message Security V8.0.0.0 for IBM i platform
Apply Fix Pack 8.0.0.1 or later.
None known
CPE | Name | Operator | Version |
---|---|---|---|
websphere mq | eq | 8.0.0.1 | |
websphere mq | eq | 8.0 |