IBME9A16E01D725E7EEE1F28FADC7D20FFB96AD7E58A347FCE28DCBA078F8294379Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ Advanced Message Security for IBM i platform (CVE-2014-3508)
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
Summary
There is a vulnerability in OpenSSL that is used by IBM WebSphere MQ - Advanced Message Security. This issue was disclosed on August 6, 2014 by the OpenSSL project.
Vulnerability Details
CVE-ID: CVE-2014-3508
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in OBJ_obj2txt. If applications echo pretty printing output, an attacker could exploit this vulnerability to read information from the stack.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95165> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected Products and Versions
IBM WebSphere MQ - Advanced Message Security V8.0.0.0 for IBM i platform
Remediation/Fixes
Apply Fix Pack 8.0.0.1 or later.
Workarounds and Mitigations
None known
| CPE | Name | Operator | Version |
|---|---|---|---|
| websphere mq | eq | 8.0.0.1 | |
| websphere mq | eq | 8.0 |
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N