Security Bulletin: OpenSSL vulnerability in IBM SAN Volume Controller and Lenovo Storwize Family (CVE-2014-0224)

Summary An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle MITM attack where the attacker can decrypt and modify traffic from the attacked client and server. Vulnerability...

Security Bulletin: IBM Initiate Master Data Service, IBM InfoSphere Master Data Management are affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...

OpenSSL Multiple Vulnerabilities (20140605 - 1) - Windows

OpenSSL is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security Bulletin: IBM Netezza Platform Software is affected by the following OpenSSL vulnerabilities: CVE-2014-0224

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...

EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigat...

Security Bulletin: IBM Flex System Integrated Management Module II (IMM2) is affected by the following OpenSSL vulnerability: CVE-2014-0224

Summary An interface on the IBM BladeCenter Advanced Management Module AMM may expose user account names and passwords that have been configured on that AMM. Vulnerability Details Abstract Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL...

Security Bulletin: IBM XIV Gen2 OpenSSL vulnerability CVE-2014-0224

Summary IBM XIV Gen2 is vulnerable to CVE-2014-0224, which exposes users to a man-in-the-middle attack when using CIM-based management. This vulnerability was reported on June 5, 2014 by the OpenSSL project Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a...

Security Bulletin: IBM XIV Gen3 Storage System is exposed to the following OpenSSL vulnerability: CVE-2014-0224

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. IBM XIV Gen3 Storage System is exposed to CVE-2014-0224. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused...

Security Bulletin: IBM Security Access Manager for Mobile and IBM Security Access Manager for Web appliances are affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and possibly CVE-2014-0076

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...

Security Bulletin: Security exposure in IBM Concert (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470)

Summary 6 new OpenSSL Security Issues officially announced 05 Jun 2014 Vulnerability Details An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle MITM attack where the attacke...

Security Bulletin: Websphere DataPower vulnerability in SSL ChangeCipherSpec processing (CVE-2014-0224)

Summary A security vulnerability in ChangeCipherSpec processing allows intermediate nodes to intercept encrypted data and decrypt them and can force the use of weak keying material in SSL/TLS clients and servers. Vulnerability Details CVE ID: CVE-2014-0224 DESCRIPTION: An attacker using a careful...

Cisco IOS Multiple OpenSSL Vulnerabilities (CSCup22590)

The remote Cisco IOS device is missing a vendor-supplied security patch and has an IOS service configured to use TLS or SSL. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library : - A buffer overflow error exists related to invalid DTLS fragment handling that...

Amazon Linux: Security Advisory (ALAS-2014-349)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 6 : Storage Server (RHSA-2014:0628)

Updated openssl packages that fix multiple security issues are now available for Red Hat Storage 2.1. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Amazon Linux AMI : openssl097a (ALAS-2014-351)

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. CVE-2014-0224 C Tenable Network...

Amazon Linux AMI : openssl (ALAS-2014-349)

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. CVE-2014-0224 Note: In order to...

Apache Tomcat 8.0.x < 8.0.11 Multiple OpenSSL Vulnerabilities

According to its self-reported version number, the Apache Tomcat server running on the remote host is 8.0.x prior to 8.0.11. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - An error exists in the function 'ssl3readbytes' that could allow data to be...

Puppet Enterprise 2.8.x / 3.2.x Multiple Vulnerabilities

According to its self-reported version number, the Puppet Enterprise application installed on the remote host is version 2.8.x or 3.2.x. It is, therefore, affected by multiple vulnerabilities : - An error exists in the 'dossl3write' function that permits a NULL pointer to be dereferenced, which...

HP Systems Insight Manager 7.2.x < 7.2 Hotfix 37 / 7.3.x < 7.3 Hotfix 34 OpenSSL Multiple Vulnerabilities

The version of HP Systems Insight Manager installed on the remote Windows host is affected by the following vulnerabilities in the included OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service...

Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10629)

According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL : - An error exists in the ssl3readbytes function that permits data to be injected into other sessions or allows denial of service attacks. Note that this...