Lucene search

K
ibmIBMFFCC3373408F02CC542763623853BD92D404CF7A56813566A2A692A6EC5C572D
HistoryMay 07, 2020 - 4:56 a.m.

Security Bulletin: A security vulnerability in IBM Websphere affects IBM Tivoli Netcool Performance Manager for Wireline (CVE-2013-0169)

2020-05-0704:56:20
www.ibm.com
12
ibm websphere
tls
lucky thirteen attack
vulnerability
tnpm wireline
cryptographic timing attack
cbc mode
security bulletin
websphere application server
main in the middle attack
plain text
secure channel
ibm
tivoli netcool performance manager
ibm support pages.

EPSS

0.005

Percentile

77.3%

Summary

The Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security (TLS) protocol that use the CBC mode of operation. An attacker could perform main in the middle attacks to successfully obtain plain text from the secure channel.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
TNPM Wireline 1.4.0
TNPM Wireline 1.4.1
TNPM Wireline 1.4.2
TNPM Wireline 1.4.3
TNPM Wireline 1.4.4
TNPM Wireline 1.4.5

Remediation/Fixes

Refer to the following security bulletin for vulnerability details and information about fixes addressed by WebSphere Application Server shipped with Tivoli Netcool Performance Manager for Wireline.

<https://www.ibm.com/support/pages/node/227769&gt;

Workarounds and Mitigations

None