Lucene search

K
ibmIBMF79FD42DBC6E95452C270E0FACA2622CBAF2CD5229D9E1837E32170CAC64B160
HistoryNov 18, 2019 - 1:57 p.m.

Security Bulletin: Vulnerabilities in OpenSSL affect WebSphere Cast Iron Cloud Integration (CVE-2015-3197)

2019-11-1813:57:34
www.ibm.com
13

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.024 Low

EPSS

Percentile

90.0%

Summary

OpenSSL vulnerabilities were disclosed on January 28, 2016 by the OpenSSL Project. OpenSSL is used by WebSphere Cast Iron Cloud Integration, has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2015-3197**
DESCRIPTION:** OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by an error related to the negotiation of disabled SSLv2 ciphers by malicious SSL/TLS clients. An attacker could exploit this vulnerability to conduct man-in-the-middle attacks.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110235 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

Affected Products and Versions

This vulnerability affects all versions of the product
WebSphere Cast Iron v 7.5.x,
WebSphere Cast Iron v 7.0.0.x,
WebSphere Cast Iron v 6.4.0.x
WebSphere Cast Iron v 6.3.0.x
WebSphere Cast Iron v 6.1.0.x

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
Cast Iron Appliance| 7.5.x| LI79166| iFix 7.5.1.0-CUMUIFIX-003
Cast Iron Appliance| 7.0.0.x| LI79166| iFix 7.0.0.2-CUMUIFIX-030
Cast Iron Appliance| 6.4.0.x| LI79166| iFix 6.4.0.1-CUMUIFIX-038
Cast Iron Appliance| 6.3.0.x| LI79166| iFix 6.3.0.2-CUMUIFIX-021
Cast Iron Appliance| 6.1.0.x| LI79166| iFix 6.1.0.15-CUMUIFIX-028

Workarounds and Mitigations

None

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.024 Low

EPSS

Percentile

90.0%