logo
DATABASE RESOURCES PRICING ABOUT US

Security Bulletin: Vulnerabilities in OpenSSL affect WebSphere Cast Iron Cloud Integration (CVE-2015-3197)

Description

## Summary OpenSSL vulnerabilities were disclosed on January 28, 2016 by the OpenSSL Project. OpenSSL is used by WebSphere Cast Iron Cloud Integration, has addressed the applicable CVEs. ## Vulnerability Details **CVEID:** [_CVE-2015-3197_](<https://vulners.com/cve/CVE-2015-3197>)** DESCRIPTION:** OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by an error related to the negotiation of disabled SSLv2 ciphers by malicious SSL/TLS clients. An attacker could exploit this vulnerability to conduct man-in-the-middle attacks. CVSS Base Score: 5.4 CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110235_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110235>) for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) ## Affected Products and Versions This vulnerability affects all versions of the product WebSphere Cast Iron v 7.5.x, WebSphere Cast Iron v 7.0.0.x, WebSphere Cast Iron v 6.4.0.x WebSphere Cast Iron v 6.3.0.x WebSphere Cast Iron v 6.1.0.x ## Remediation/Fixes _Product_ | _VRMF_| _APAR_| _Remediation/First Fix_ ---|---|---|--- Cast Iron Appliance| 7.5.x| LI79166| [iFix 7.5.1.0-CUMUIFIX-003](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20160707-1626_H11_64-CUMUIFIX-003.scrypt2,7.5.1.0-WS-WCI-20160707-1626_H11_64-CUMUIFIX-003.vcrypt2,7.5.1.0-WS-WCI-20160707-1626_H11_64-CUMUIFIX-003.docker&includeSupersedes=0>) Cast Iron Appliance| 7.0.0.x| LI79166| [iFix 7.0.0.2-CUMUIFIX-030](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20160711-1236_H11_64-CUMUIFIX-030.vcrypt2,7.0.0.2-WS-WCI-20160711-1236_H11_64-CUMUIFIX-030.scrypt2&includeSupersedes=0>) Cast Iron Appliance| 6.4.0.x| LI79166| [iFix 6.4.0.1-CUMUIFIX-038](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.4.0.1&platform=All&function=fixId&fixids=6.4.0.1-WS-WCI-20160405-0954_H5-CUMUIFIX-038.scrypt2,6.4.0.1-WS-WCI-20160405-0954_H5-CUMUIFIX-038.vcrypt2&includeSupersedes=0>) Cast Iron Appliance| 6.3.0.x| LI79166| [iFix 6.3.0.2-CUMUIFIX-021](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.3.0.2&platform=All&function=fixId&fixids=6.3.0.2-WS-WCI-20160405-1122_H4-CUMUIFIX-021.scrypt2,6.3.0.2-WS-WCI-20160405-1122_H4-CUMUIFIX-021.vcrypt2&includeSupersedes=0>) Cast Iron Appliance| 6.1.0.x| LI79166| [iFix 6.1.0.15-CUMUIFIX-028](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.1.0.15&platform=All&function=fixId&fixids=6.1.0.15-WS-WCI-20160405-0937_H4-CUMUIFIX-028.vcrypt2,6.1.0.15-WS-WCI-20160405-0937_H4-CUMUIFIX-028.scrypt2&includeSupersedes=0>) ## Workarounds and Mitigations None ##


Affected Software


CPE Name Name Version
ibm cast iron cloud integration 7.5.1.0
ibm cast iron cloud integration 7.5.0.1
ibm cast iron cloud integration 7.5.0.0
ibm cast iron cloud integration 7.0.0.2
ibm cast iron cloud integration 7.0.0.1
ibm cast iron cloud integration 7.0.0
ibm cast iron cloud integration 6.4.0.1
ibm cast iron cloud integration 6.4.0.0
ibm cast iron cloud integration 6.3.0.2
ibm cast iron cloud integration 6.3.0.1
ibm cast iron cloud integration 6.3
ibm cast iron cloud integration 6.1.0.9
ibm cast iron cloud integration 6.1.0.15

Related