Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF111F5B37423A1DF8CCD8C76DB4229A06E7EBBBB167110947F84D5EB4E5728C3
HistoryJun 16, 2018 - 9:39 p.m.

Security Bulletin: A vulnerability in the GSKit component of IBM Security SiteProtector System (CVE-2016-0201)

2018-06-1621:39:11
www.ibm.com
8

EPSS

0.003

Percentile

68.2%

JSON

Summary

A vulnerability has been addressed in the GSKit component of IBM Security SiteProtector System.

Vulnerability Details

CVEID: CVE-2016-0201 **
DESCRIPTION:** IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to obtain authentication credentials.

CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109310 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Security SiteProtector System 3.0 and 3.1.1

Remediation/Fixes

Apply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view:

For SiteProtector 3.0:

SiteProtector Core Component

|

ServicePack3_0_0_10.xpu

—|—

Event Collector Component

|

RSEvntCol_WINNT_XXX_ST_3_0_0_9.xpu

Agent Manager Component

|

AgentManager_WINNT_XXX_ST_3_0_0_55.xpu

For SiteProtector 3.1.1:

SiteProtector Core Component

|

ServicePack3_1_1_5.xpu

—|—

Event Collector Component

|

RSEvntCol_WINNT_XXX_ST_3_1_1_5.xpu

Agent Manager Component

|

AgentManager_WINNT_XXX_ST_3_1_1_25.xpu

Update Server Component

|

UpdateServer_3_1_1_6.pkg

Event Archiver Component

|

EventArchiver_3_1_1_4.pkg

Event Archiver Importer Component

|

EventArchiverImporter_3_1_1_4.zip

Manual Upgrader Component

|

MU_3_1_1_5.xpu

Certificate Management Tools

|

CertificateManagerTools_3_1_1_3.zip

Please note that the Update Server, Event Archiver and Manual Upgrader are automatically updated by default. In addition, the same versions of these components apply to both releases of SiteProtector.

Alternatively, the packages can be manually obtained from the IBM Security License Key and Download Center using the following URL:
<https://ibmss.flexnetoperations.com/service/ibms/login&gt;

The Certificate Management Tools can only be obtained from the IBM Security License Key and Download Center.

Workarounds and Mitigations

None

Related

openvas 1
ibm 48
cvelist 1
cve 1
prion 1
nvd 1
nessus 1
openvas
openvas
IBM Security Network Protection Information Disclosure Vulnerability
2017-01-10 00:00:00
ibm
ibm
Security Bulletin: A security vulnerability has been identified in the GSKit component of IBM Security Access Manager for Web (CVE-2016-0201)
2018-06-16 21:38:55
Security Bulletin: A vulnerability in the GSKit component of IBM Tivoli Storage FlashCopy Manager for UNIX and VMware (CVE-2016-0201)
2018-06-17 15:16:55
Security Bulletin: A vulnerability in the GSKit component of IBM MQ Appliance (CVE-2016-0201)
2018-06-15 07:04:31
cvelist
cvelist
CVE-2016-0201
2016-01-18 02:00:00
cve
cve
CVE-2016-0201
2016-01-18 05:59:07
prion
prion
Code injection
2016-01-18 05:59:00
nvd
nvd
CVE-2016-0201
2016-01-18 05:59:07
nessus
nessus
IBM HTTP Server 8.5.0.0 <= 8.5.5.8 / 8.0.0.0 <= 8.0.0.12 Multiple Vulnerabilities (538705)
2020-12-11 00:00:00

EPSS

0.003

Percentile

68.2%

JSON
Related for F111F5B37423A1DF8CCD8C76DB4229A06E7EBBBB167110947F84D5EB4E5728C3
openvas1ibm48cvelist1cve1prion1nvd1nessus1