Home Unlabelled IBM Security Bulletin: IBM API Connect is affected by an OpenSSL vulnerability (CVE-2017-3736)

IBM Security Bulletin: IBM API Connect is affected by an OpenSSL vulnerability (CVE-2017-3736)

By
Tuesday, April 03, 2018
Read
Add Comment

Apr 3, 2018 9:01 am EDT

Categorized: Medium Severity

Share this post:

IBM API Connect has addressed the following vulnerability.  OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key.

CVE(s): CVE-2017-3736

Affected product(s) and affected version(s):

Affected API ConnectAffected Versions
IBM API Connect5.0.0.0-5.0.6.5
IBM API Connect5.0.7.0-5.0.7.2
IBM API Connect5.0.8.0-5.0.8.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22014657
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397



from IBM Product Security Incident Response Team https://ift.tt/2Gv7Dg6
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us