Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFEEC6406B761FE11953A237D6FF26E651E476C97DD8131AAF325021644AF8BFB
HistoryJun 16, 2018 - 7:49 p.m.

Security Bulletin: Vulnerabilities in the GSKit component of Transformation Extender (CVE-2016-0201, CVE-2015-7421, CVE-2015-7420)

2018-06-1619:49:59
www.ibm.com
5

EPSS

0.003

Percentile

69.4%

JSON

Summary

Vulnerabilities have been addressed in the GSKit component of Transformation Extender.

Vulnerability Details

CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to obtain authentication credentials.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109310 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

C****VEID: CVE-2015-7421 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal ICC PRNG pool state is duplicated during a fork() system call operation which results in a period of time where child processes may generate identical PRNG output to the parent. This may allow possible attacks related to predictable state which an attacker could exploit.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107695&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2015-7420 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The GSKit PRNG state is duplicated during a fork() system call operation which results in a period of time where child processes may generate identical PRNG output to the parent.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107694 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Transformation Extender 9.0.0.0

WebSphere Transformation Extender Secure Adapter Collection 8.4.1.0 - 8.4.1.3

WebSphere Transformation Extender Secure Adapter Collection 8.4.0.0 - 8.4.0.5

WebSphere Transformation Extender Secure Adapter Collection 8.3.0.0 - 8.3.0.6

Remediation/Fixes

Download and install the fixes for APAR PI55562 from IBM Fix Central:

* [Interim fixes for version 9.0](&lt;http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Transformation+Extender&release=9.0.0&platform=All&function=aparId&apars=PI55562&gt;)
* [Interim fixes for version 8.x](&lt;http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/WebSphere+Transformation+Extender&release=All&platform=All&function=aparId&apars=PI55562&gt;)

Workarounds and Mitigations

None

Related

ibm 58
nessus 1
prion 3
cvelist 3
cve 3
nvd 3
openvas 1
ibm
ibm
Security Bulletin: Vulnerabilities in the GSKit component of IBM® DB2® LUW (CVE-2016-0201, CVE-2015-7420 & CVE-2015-7421)
2018-06-16 13:38:59
Security Bulletin: Vulnerabilities in the GSKit component of IBM Transformation Extender Hypervisor Edition (CVE-2016-0201, CVE-2015-7421, CVE-2015-7420)
2018-06-16 19:51:15
Security Bulletin: A security vulnerability has been identified in IBM® DB2® shipped with IBM Smart Analytics System and IBM PureData System for Operational Analytics (CVE-2016-0201, CVE-2015-7420, CVE-2015-7421)
2019-10-18 03:50:04
nessus
nessus
IBM HTTP Server 8.5.0.0 <= 8.5.5.8 / 8.0.0.0 <= 8.0.0.12 Multiple Vulnerabilities (538705)
2020-12-11 00:00:00
prion
prion
Design/Logic Flaw
2016-01-01 05:59:00
Design/Logic Flaw
2016-01-01 05:59:00
Code injection
2016-01-18 05:59:00
cvelist
cvelist
CVE-2015-7420
2016-01-01 02:00:00
CVE-2015-7421
2016-01-01 02:00:00
CVE-2016-0201
2016-01-18 02:00:00
cve
cve
CVE-2015-7421
2016-01-01 05:59:06
CVE-2015-7420
2016-01-01 05:59:05
CVE-2016-0201
2016-01-18 05:59:07
nvd
nvd
CVE-2015-7421
2016-01-01 05:59:06
CVE-2015-7420
2016-01-01 05:59:05
CVE-2016-0201
2016-01-18 05:59:07
openvas
openvas
IBM Security Network Protection Information Disclosure Vulnerability
2017-01-10 00:00:00

EPSS

0.003

Percentile

69.4%

JSON
Related for FEEC6406B761FE11953A237D6FF26E651E476C97DD8131AAF325021644AF8BFB
ibm58nessus1prion3cvelist3cve3nvd3openvas1