IBM Security Bulletin: IBM MQ and IBM WebSphere MQ are vulnerable to an OpenSSL Montgomery squaring function propagation flaw (CVE-2017-3736)

IBM MQ and IBM WebSphere MQ are affected by an OpenSSL vulnerability that could allow a remote attacker to obtain sensitive information. The cause is a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal().

CVE(s): CVE-2017-3736

Affected product(s) and affected version(s):

IBM WebSphere MQ v7.0.1

  • Maintenance levels 7.0.1.0 – 7.0.1.14

IBM WebSphere MQ v7.1

  • Maintenance levels 7.1.0.0 – 7.1.0.9

IBM MQ v8.0

  • Maintenance levels 8.0.0.0 – 8.0.0.8

IBM MQ v9 LTS

  • Maintenance levels 9.0.0.0 – 9.0.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22013025
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397



from IBM Product Security Incident Response Team https://ift.tt/2JO4feh