Security Bulletin: IBM Tivoli Network Manager - GSKit Security Vulnerabilities (CVE-2013-0169), (CVE-2012-2190) and (CVE-2013-0166)
Summary OpenSSL Security Advisory updates Feb 2013: GSKit Lucky 13 TLS CBC Timing Attack - CVE-2013-0169. A vulnerability in relation to Session ID Lengths and SSL/TLS Server has been discovered that impacts GSKit - CVE-2012-2190. OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1...
Security Bulletin: IBM FileNet Image Services is affected by GSKit and GSKit-Crypto vulnerabilities
Summary IBM FileNet Image Services has addressed multiple GSKit and GSKit-Crypto vulnerabilities. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this...
Security Bulletin: eDiscovery Manager is affected by GSKit and GSKit-Crypto vulnerabilities
Summary eDiscovery Manager has addressed multiple GSKit and GSKit-Crypto vulnerabilities. Details of the vulnerabilities are given below. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private...
Security Bulletin: A vulnerability in GSKit and GSKit-Crypto Security affects Content Manager OnDemand for Multiplatforms (CVE-2018-1447)
Summary There is a vulnerability in GSKit and GSKit-Crypto Security that is used by Content Manager OnDemand for Multiplatforms. Vulnerability Details CVEID: CVE-2018-1447 DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of...
Security Bulletin: Vulnerabilities in GSKit affect IBM Content Collector for SAP Applications (CVE-2015-7421, CVE-2015-7420)
Summary Vulnerabilities were discovered in GSKit. IBM Content Collector for SAP Applications uses GSKit and addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-7421 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal I...
Security Bulletin: A vulnerability in the GSKit component of Content Manager OnDemand for Multiplatforms (CVE-2016-0201)
Summary A vulnerability has been addressed in the GSKit component of Content Manager OnDemand for Multiplatforms. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit...
Security Bulletin: Multiple security vulnerabilities have been identified in GSKit shipped with IBM ClearQuest (CVE-2016-0702, CVE-2018-1447, CVE-2018-1427, CVE-2016-0705)
Summary Vulnerabilities have been addressed in the GSKit component of IBM Rational ClearQuest. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel attack against a system based on the Intel...
Security Bulletin: A vulnerability in the GSKit component of IBM Rational RequisitePro (CVE-2016-0201)
Summary A vulnerability has been addressed in the GSKit component of Rational RequisitePro. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to...
Security Bulletin: Vulnerabilities in GSKit affect Rational RequisitePro (CVE-2015-1788)
Summary GSKit is an IBM component that is used by IBM Rational RequisitePro. The GSKit that is shipped with IBM Rational RequisitePro contains a security vulnerability. IBM Rational RequisitePro has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is...
Security Bulletin: Vulnerabilities in GSKit affect IBM Rational ClearQuest (CVE-2015-1788)
Summary GSKit is an IBM component that is used by IBM Rational ClearQuest. The GSKit that is shipped with IBM Rational ClearQuest contains a security vulnerability. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is...
Security Bulletin: Vulnerabilities in GSKit affect IBM Rational RequisitePro (CVE-2015-0138)
Summary GSKit is an IBM component that is used by IBM Rational RequisitePro. The GSKit that is shipped with IBM Rational RequisitePro contains multiple security vulnerabilities including the "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. IBM Rational...
Security Bulletin: Vulnerabilities in RequisitePro GSKit Component (CVE-2014-0076)
Summary An attacker running a program on the same machine as where the victim is running a program could use CPU timing information to discover key information.
Security Bulletin: Vulnerabilities in ClearQuest GSKit Component (CVE-2014-0076)
Summary IBM Rational ClearQuest is vulnerable to a denial of service caused by an error in the Global Security Toolkit GSKit component. By initiating an SSL/TLS connection using a malformed certificate chain, a server process could hang or crash.
Security Bulletin: Vulnerabilities in RequisitePro GSKit Component (CVE-2014-0963)
Summary A vulnerability in IBM Rational RequisitePro in relation to TLS Record Processing has been discovered related to TLS 1.0 and later which can result in high CPU utilization that requires a system reboot to resolve.
Security Bulletin: Vulnerabilities in ClearQuest GSKit Component (CVE-2013-6747)
Summary IBM Rational ClearQuest is vulnerable to a denial of service caused by an error in the Global Security Toolkit GSKit component. By initiating an SSL/TLS connection using a malformed certificate chain, a server process could hang or crash.
Security Bulletin: Vulnerability in IBM Rational RequisitePro with a potential for a TLS attack (CVE-2013-0169)
Summary The IBM GSKit component used in Rational RequisitePro is susceptible to a Transport Layer Security protocol vulnerability known as "Lucky Thirteen." The vulnerability might allow remote attackers to conduct distinguishing and plain-text recovery attacks by statistically analyzing timing...
Security Bulletin: IBM Rational ClearCase update for security vulnerabilities in OpenSSL component
Summary IBM Rational ClearCase uses the OpenSSL component for establishing SSL connections. ClearCase now ships an updated version of OpenSSL on Unix and Linux platforms, and uses a new component called IBM GSKit on Windows which also mitigates against the OpenSSL vulnerabilities. Vulnerability...
Security Bulletin: Vulnerabilities in RequisiteWeb (CVE-2012-2203, CVE-2012-2191)
Summary Notice of security vulnerabilities which impact IBM Rational RequisiteWeb, along with instructions to resolve the issues.
Security Bulletin: IBM Rational ClearQuest security vulnerability fixes for CVE-2012-2203
Summary IBM Rational ClearQuest uses the IBM GSKit component to establish SSL connections to an LDAP directory server for LDAP authentication. ClearQuest 7.1.2.8 and 8.0.0.4 install updated versions of GSKit which contain corrections for security vulnerability CVE-2012-2203. Vulnerability Details ...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway (CVE-2018-1447)
Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about multiple security vulnerabilities affecting the IBM HTTP server component of IBM WebSphere Application Server h...