IBM Products OpenSSL Multiple Vulnerabilities
RISK: High Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities have been identified in IBM Cloudburst and IBM Service Delivery Manager, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and potentially compromise a vulnerable system or an application using the library.
The vulnerabilities are caused by a bundled vulnerable version of OpenSSL.
Impact
- Denial of Service
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- IBM Cloudburst 2.x
- IBM Service Delivery Manager 7.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Apply patch. Please see the vendor advisory for more details.
http://www.ibm.com/support/docview.wss?uid=swg21638669
http://www.ibm.com/support/docview.wss?uid=swg21638670
Vulnerability Identifier
- CVE-2010-0742
- CVE-2010-1633
- CVE-2010-3864
- CVE-2010-4252
- CVE-2011-0014
- CVE-2011-3207
- CVE-2011-3210
- CVE-2011-4108
- CVE-2011-4576
- CVE-2011-4577
- CVE-2011-4619
- CVE-2012-0027
- CVE-2012-0050
- CVE-2012-0884
- CVE-2012-2110
- CVE-2012-2131
- CVE-2012-2686
- CVE-2013-0166
- CVE-2013-0169