14 matches found

IBM Security Bulletins
added 2022/09/14 1:37 p.m., 51 views

Security Bulletin: z/Transaction Processing Facility is affected by an OpenSSL vulnerability

Summary: The z/TPF version of OpenSSL was updated to address the vulnerability described by CVE-2019-1563. Vulnerability Details: CVEID: CVE-2019-1563. DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in PKCS7_dataDecode and...

AI score 4.9, EPSS 0.01121
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2020/11/02 9:6 p.m., 43 views

Security Bulletin: IBM Security Guardium Insights is affected by IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 vulnerabilities

Summary: IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2019-1563. DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in PKCS7_dataDecode and CMS_decrypt_set1_pkey. By sendin...

CVSS 5.3, AI score 0.9, EPSS 0.02629
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2020/08/28 11:37 p.m., 46 views

Security Bulletin: OpenSSL (Publicly disclosed vulnerability) for IBM b-type switches and directors

Summary: Fixes are released for OpenSSL Publicly disclosed vulnerability for IBM b-type switches and directors. Vulnerability Details: CVEID: CVE-2019-1547. DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group...

CVSS 4.7, AI score 0.4, EPSS 0.01121
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2020/06/30 5:59 p.m., 27 views

Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in OpenSSL (CVE-2019-1547 and CVE-2019-1563)

Summary: IBM Bootable Media Creator (BoMC) has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2019-1547. DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group missing the cofactor usin...

CVSS 4.7, AI score 0.6, EPSS 0.01121
Exploits 0

IBM Security Bulletins
added 2020/05/14 12:4 p.m., 41 views

Security Bulletin: Multiple vulnerabilities have been identified in OpenSSL, a product which ships with IBM Tivoli Network Manager

Summary: OpenSSL is shipped with IBM Tivoli Network Manager version 3.9 Fix Pack 4 and Fix Pack 5. Information about a security vulnerability affecting OpenSSL is published here. Vulnerability Details: CVEID: CVE-2019-1547. DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain...

CVSS 5.3, AI score 0.6, EPSS 0.02629
Exploits 0, Affected Software 1

RedHat Linux
added 2020/04/28 3:52 p.m., 53 views

Moderate: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 5.3, AI score 6.5, EPSS 0.02629
Exploits 0, References 13

IBM Security Bulletins
added 2020/03/27 2:21 p.m., 34 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1552, CVE-2019-1563)

Summary: OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2019-1552. DESCRIPTION: OpenSSL could allow a local attacker to bypass security restrictions,...

CVSS 4.3, AI score 0.6, EPSS 0.01121
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2020/03/17 5:8 a.m., 41 views

Security Bulletin: OpenSSL publicly disclosed vulnerability

Summary: IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL. Vulnerability Details: CVEID: CVE-2019-1563. DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in...

CVSS 5.3, AI score 0.8, EPSS 0.02629
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2020/02/13 2:42 p.m., 27 views

Security Bulletin: OpenSSL vulnerability affects IBM Rational Team Concert

Summary: OpenSSL has a security vulnerability that allows a remote attacker to exploit the application. OpenSSL is used by Rational BuildForge Agent shipped with IBM Rational Team Concert. Rational BuildForge has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2019-1547. DESCRIPTION:...

CVSS 5.3, AI score 0.3, EPSS 0.02629
Exploits 0, Affected Software 1

IBM AIX
added 2019/11/26 2:32 p.m., 378 views

There is a vulnerability in OpenSSL used by AIX.

IBM SECURITY ADVISORY. First Issued: Tue Nov 26 14:32:29 CST 2019. The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory31.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory31.asc...

CVSS 4.7, AI score 6, EPSS 0.01121
Exploits 0

Tenable Nessus
added 2019/10/02 12:0 a.m., 51 views

Debian DSA-4539-1 : openssl - security update

Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey, and it was discovered that a feature of the random number generator (RNG) intended to protect against shared RNG state between parent and child processes in th...

CVSS 5.3, AI score 6.4, EPSS 0.02629
Exploits 0, References 7

Tenable Nessus
added 2019/10/02 12:0 a.m., 53 views

Debian DSA-4540-1 : openssl1.0 - security update

Two security issues were discovered in OpenSSL: A timing attack against ECDSA and a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4540. The text...

CVSS 4.7, AI score 6.3, EPSS 0.01121
Exploits 0, References 5

Cvelist
added 2019/09/10 4:58 p.m., 15 views

CVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

AI score 5.2, EPSS 0.01121
Exploits 0, References 30

OpenSSL
added 2019/09/10 12:0 a.m., 118 views

Vulnerability in OpenSSL - Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

AI score 5.5, EPSS 0.01121
Exploits 0, Affected Software 1