422 matches found
Security Bulletin: Vulnerabilities in GSKit fixed in IBM Security/Tivoli Directory Server (CVE-2015-0138, CVE-2015-0159)
Summary GSKit is an IBM component that is used by IBM Security/Tivoli Directory Server. The GSKit that is shipped with IBM Security/Tivoli Directory Server contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability...
Security Bulletin: IBM Security SiteProtector System can be affected by a vulnerability in IBM Global Security Kit (CVE-2014-0963) and in Apache Struts V1.x (CVE-2014-0114)
Summary The IBM Security SiteProtector System product can be impacted by a vulnerability in IBM Global Security Kit (GSKit) as well as a vulnerability in Apache Struts V1.x. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: A GSKit vulnerability in relation to TLS Record Processing has been...
Security Bulletin: IBM Security Directory Server CPU utilization (CVE-2014-0963)
Summary IBM Security Directory Server is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: IBM Security Directory Server is affected by a problem wi...
Security Bulletin: IBM GSKit Certificate Chain Vulnerability in Tivoli Access Manager and IBM Security Access Manager for Web (CVE-2013-6747)
Summary A specially constructed certificate could cause Tivoli Access Manager and IBM Security Access Manager for Web to stop responding or crash. Vulnerability Details CVEID: CVE-2013-6747 DESCRIPTION: Tivoli Access Manager and IBM Security Access Manager for Web use digital certificates to veri...
Security Bulletin: GSKit SSL negotiation vulnerability in Tivoli Access Manager for e-business (CVE-2013-6329)
Summary A vulnerability has been identified in the GSKit component utilized by Tivoli Access Manager for e-business (TAM). A specially crafted SSL message can cause the TAM server component using GSKit to crash. Remediation for the issue consists of upgrading affected GSKit following the instructio...
Security Bulletin: Vulnerabilities in the GSKit component of IBM Transformation Extender Hypervisor Edition (CVE-2016-0201, CVE-2015-7421, CVE-2015-7420)
Summary Vulnerabilities have been addressed in the GSKit component of IBM Transformation Extender Hypervisor Edition. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could explo...
Security Bulletin: Vulnerabilities in the GSKit component of IBM Transformation Extender Hypervisor Edition for AIX (CVE-2016-0201, CVE-2015-7421, CVE-2015-7420)
Summary Vulnerabilities have been addressed in the GSKit component of IBM Transformation Extender Hypervisor Edition for AIX. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker cou...
Security Bulletin: Vulnerabilities in the GSKit component of Transformation Extender (CVE-2016-0201, CVE-2015-7421, CVE-2015-7420)
Summary Vulnerabilities have been addressed in the GSKit component of Transformation Extender. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could exploit this vulnerability t...
Security Bulletin: Vulnerabilities in GSKit affect IBM SPSS Modeler (CVE-2018-1447)
Summary Vulnerabilities were discovered in GSKit. IBM SPSS Modeler uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-1447 DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak passwor...
Security Bulletin: IBM Informix Server CPU utilization (CVE-2014-0963)
Summary Informix Server is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: Informix Server is affected by a problem with the handling of certain S...
Security Bulletin: IBM Informix Client SDK CPU utilization (CVE-2014-0963)
Summary Informix Client SDK is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: Informix Client SDK is affected by a problem with the handling of...
Security Bulletin: Potential SSL/TLS-related denial of service vulnerability in IBM Informix Server (CVE-2013-6329)
Summary Informix Server is impacted by a vulnerability in IBM's GSKIT library which can result in a denial of service caused by an error in SSL/TLS handshake processing related to session resumption when using SSLv2. A remote attacker could exploit this vulnerability to cause the system to crash...
Security Bulletin: Potential SSL/TLS-related denial of service vulnerability in IBM Informix Client SDK (CVE-2013-6329)
Summary Informix Client SDK is impacted by a vulnerability in IBM's GSKIT library which can result in a denial of service caused by an error in SSL/TLS handshake processing related to session resumption when using SSLv2. A remote attacker could exploit this vulnerability to cause the system to...
Security Bulletin: Vulnerabilities in GSKit affect IBM Data Server Client and Driver packages (CVE-2016-0201, CVE-2015-7420 and CVE-2015-7421)
Summary Vulnerabilities have been addressed in the GSKit component of IBM Data Server Client and Driver packages. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could exploit th...
Security Bulletin: Vulnerabilities in GSKit affect IBM SPSS Modeler (CVE-2015-7421, CVE-2015-7420)
Summary Vulnerabilities were discovered in GSKit. IBM SPSS Modeler uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-7421 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal ICC PRNG pool state is...
Security Bulletin: Vulnerabilities in the GSKit component of IBM® DB2® LUW (CVE-2016-0201, CVE-2015-7420 & CVE-2015-7421)
Summary Vulnerabilities have been addressed in the GSKit component of IBM DB2 LUW. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could exploit this vulnerability to obtain...
Security Bulletin: Vulnerability in GSKit affect IBM SPSS Modeler (CVE-2015-1788)
Summary GSKit is an internal component used by IBM SPSS Modeler. GSKit contains a security vulnerability which may cause an infinite loop. The issue is identified by the specified CVE below. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...
Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® LUW (CVE-2015-1788)
Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit and IBM Tivoli Flash Copy Manager. IBM DB2 LUW uses GSKit & IBM Tivoli Flash Copy Manager and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerab...
Security Bulletin: Vulnerabilities in GSKit affect IBM® DB2® (CVE-2015-0138, CVE-2015-0159 and CVE-2014-6221)
Summary GSKit is an IBM component that is used by IBM DB2. The GSKit that is shipped with IBM DB2 contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability. IBM DB2 has addressed the applicable CVEs. Vulnerability...
Security Bulletin: TLS padding vulnerability affects IBM Data Server Client packages (CVE-2014-8730)
Summary Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects IBM Data Server Client packages. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive informatio...