Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Unix

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot formerly Tivoli Storage FlashCopy Manager for Unix. IBM Spectrum Protect Snapshot for Unix has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL coul...

IBM HTTP Server 7.0.0.0 <= 7.0.0.43 / 8.0.0.0 <= 8.0.0.14 / 8.5.0.0 < 8.5.5.14 / 9.0.0.0 < 9.0.0.8 Multiple Vulnerabilities (569301)

The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities, including the following: - IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 duplicates the PRNG state across fork system calls when multiple ICC instances are loaded which cou...

Security Bulletin: IBM API Connect is affected by multiple GSKit and OpenSSL vulnerabilities

Summary IBM API Connect has addressed multiple vulnerabilities in GSKit and OpenSSL. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to...

Security Bulletin: IBM Security SiteProtector System is affected by GSKit vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in GSKit. Vulnerability Details CVEID: CVE-2018-1428 DESCRIPTION: IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base Scor...

Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations)

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect for Workstations formerly Tivoli Storage Manager for Workstations. IBM Spectrum Protect for Workstations has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL...

Security Bulletin: Multiple security vulnerabilities have been identified in GSKit shipped with IBM ClearQuest (CVE-2016-0702, CVE-2018-1447, CVE-2018-1427, CVE-2016-0705)

Summary Vulnerabilities have been addressed in the GSKit component of IBM Rational ClearQuest. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel attack against a system based on the Intel...

CVE-2018-1447

The GSKit IBM Spectrum Protect 7.1 and 7.2 and IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6 CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to...

CVE-2018-1447

The GSKit IBM Spectrum Protect 7.1 and 7.2 and IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6 CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to...