Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability

Summary

IBM Security Guardium is aware of the following vulnerability

Vulnerability Details

CVE-ID: CVE-2019-1559
Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. An attacker could exploit this vulnerability using a 0-byte record padding-oracle attack to decrypt traffic.
CVSS Base Score: 5.8
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/157514&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Affected Products and Versions

Affected IBM Security Guardium

|

Affected Versions

—|—
IBM Security Guardium | 10.1.4 - 10.6

Remediation/Fixes

Product

|

VRMF

|

Remediation / First Fix

—|—|—
IBM Security Guardium | 10.1.4-10.6 | https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=Guardium_10.6.1.12_FAMforNAS_Windows_v10.6.1.12&amp;continue=1

Or

https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=Guardium_10.6.1.12_FAMforSP_Windows_v10.6.1.12&amp;continue=1