Lucene search

IBM0779C525117C75BC64B57D8564A369428A4079ED00371B84B45A1F3B7CEBFABF

HistoryOct 31, 2023 - 2:40 p.m.

Security Bulletin: A vulnerability in OpenSSL affects IBM Storage Protect Backup-Archive Client on Linux x86_64 and Microsoft Windows (CVE-2019-1547)

2023-10-3114:40:39

www.ibm.com

ibm

storage protect

backup-archive

openssl

linux

windows

vulnerability

2019-1547

information exposure

version 8.1.19.0

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

46.6%

JSON

Summary

IBM Storage Protect Backup-Archive Client on Linux x86_64 and Microsoft Windows can be affected by a vulnerability in OpenSSL. The vulnerability can lead sensitive information exposure, as described by the CVE in the “Vulnerability Details” section. The vulnerability have been addressed.

Vulnerability Details

CVEID:CVE-2019-1547
**DESCRIPTION:**OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group missing the cofactor using explicit parameters instead of using a named curve. An attacker could exploit this vulnerability to obtain full key recovery during an ECDSA signature operation.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167020 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Storage Protect Backup-Archive Client	8.1.0.0 - 8.1.17.2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading. The vulnerability is fixed as of version 8.1.19.0, but version 8.1.20.0 or later is recommended.

Linux x86_64
Windows

| <https://www.ibm.com/support/pages/node/7015829>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmstorage_protectMatch8.1

VendorProductVersionCPE
ibmstorage_protect8.1cpe:2.3:a:ibm:storage_protect:8.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	storage_protect	8.1	cpe:2.3:a:ibm:storage_protect:8.1:::::::*

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

46.6%

JSON

Related for 0779C525117C75BC64B57D8564A369428A4079ED00371B84B45A1F3B7CEBFABF