Lucene search
IBM1AA4689F61391429998123661409491C7FFF90C591FBB12E8BE2CA2BE514C7C6HistoryFeb 05, 2020 - 12:53 a.m.
Security Bulletin: Security vulnerability in OpenSSL affects IBM Sterling B2B Integrator (CVE-2017-3736)
2020-02-0500:53:36
www.ibm.com
21
0.002 Low
EPSS
Percentile
54.3%
Summary
Security vulnerability in OpenSSL affects IBM Sterling B2B Integrator
Vulnerability Details
CVEID: CVE-2017-3736 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3
Remediation/Fixes
PRODUCT & Version
|
Remediation/Fix
—|—
IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3
|
SWIFTNet Customers must upgrade their B2B Integrator at least to 5020603_2, 5020602_4 or 5020601_7 on Fix Central and current version of OpenSSL to version 1.0.2m
Workarounds and Mitigations
No
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm sterling b2b integrator | eq | 5.2.0 | |
| ibm sterling b2b integrator | eq | 5.2.6 |
Related
ibm
ibm
prion
prion
Design/Logic Flaw
2017-11-02 17:29:00
Buffer overflow
2017-12-07 16:29:00
openvas
openvas
Slackware: Security Advisory (SSA:2017-306-02)
2022-04-21 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2018-1339)
2020-01-23 00:00:00
Fedora Update for compat-openssl10 FEDORA-2017-512a6c5aae
2017-11-23 00:00:00
redhatcve
redhatcve
CVE-2017-3736
2019-10-10 23:39:39
CVE-2017-3738
2019-10-08 22:39:45
nessus
nessus
Oracle Tuxedo Information Disclosure (Apr 2018 CPU)
2020-04-29 00:00:00
F5 Networks BIG-IP : OpenSSL vulnerability (K14363514)
2017-12-18 00:00:00
EulerOS Virtualization 2.5.0 : openssl (EulerOS-SA-2018-1339)
2018-10-26 00:00:00
alpinelinux
alpinelinux
CVE-2017-3736
2017-11-02 17:29:00
CVE-2017-3738
2017-12-07 16:29:00
cvelist
cvelist
CVE-2017-3736
2017-11-02 00:00:00
CVE-2017-3738
2017-12-07 00:00:00
f5
f5
K14363514 : OpenSSL vulnerability CVE-2017-3736
2017-12-15 00:00:00
K34681653 : OpenSSL vulnerability CVE-2017-3738
2018-01-26 00:00:00
slackware
slackware
[slackware-security] openssl
2017-11-03 06:24:38
cve
cve
CVE-2017-3736
2017-11-02 17:29:00
CVE-2017-3738
2017-12-07 16:29:00
veracode
veracode
Carry Propagation
2017-11-03 02:16:40
nvd
nvd
CVE-2017-3736
2017-11-02 17:29:00
CVE-2017-3738
2017-12-07 16:29:00
openssl
openssl
Vulnerability in OpenSSL CVE-2017-3736
2017-11-02 00:00:00
Vulnerability in OpenSSL CVE-2017-3738
2017-12-07 00:00:00
debiancve
debiancve
CVE-2017-3736
2017-11-02 17:29:00
CVE-2017-3738
2017-12-07 16:29:00
ubuntucve
ubuntucve
CVE-2017-3736
2017-11-02 00:00:00
CVE-2017-3738
2017-12-07 00:00:00
osv
osv
CVE-2017-3736
2017-11-02 17:29:00
openssl1.0 - security update
2017-11-03 00:00:00
CVE-2017-3738
2017-12-07 16:29:00
fedora
fedora
[SECURITY] Fedora 26 Update: compat-openssl10-1.0.2m-1.fc26
2017-11-22 02:35:21
[SECURITY] Fedora 27 Update: openssl-1.1.0g-1.fc27
2017-11-21 23:39:13
[SECURITY] Fedora 26 Update: openssl-1.1.0g-1.fc26
2017-11-28 16:28:13
freebsd
freebsd
OpenSSL -- Multiple vulnerabilities
2017-11-02 00:00:00
FreeBSD -- OpenSSL multiple vulnerabilities
2017-11-29 00:00:00
archlinux
archlinux
[ASA-201711-14] openssl: multiple issues
2017-11-07 00:00:00
[ASA-201712-9] openssl-1.0: multiple issues
2017-12-16 00:00:00
[ASA-201711-15] lib32-openssl: multiple issues
2017-11-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2m-alt1
2017-11-04 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.2m-alt1
2017-11-04 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2m-alt1
2017-11-04 00:00:00
nodejsblog
nodejsblog
OpenSSL update, 1.0.2m
2017-10-30 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-17:11.openssl
2017-11-29 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2017-11-09 01:43:48
Updated openssl packages fix security vulnerabilities
2017-12-17 02:20:04
debian
debian
[SECURITY] [DSA 4018-1] openssl security update
2017-11-03 23:23:25
[SECURITY] [DSA 4017-1] openssl1.0 security update
2017-11-03 23:03:01
[SECURITY] [DSA 4018-1] openssl security update
2017-11-03 23:23:25
symantec
symantec
SA157: OpenSSL Vulnerabilities 28-Aug-2017 and 2-Nov-2017
2017-11-30 08:00:00
cloudfoundry
cloudfoundry
USN-3475-1: OpenSSL vulnerabilities | Cloud Foundry
2017-11-27 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2017-11-06 00:00:00
oraclelinux
oraclelinux
openssl security and bug fix update
2018-04-16 00:00:00
openssl security update
2018-04-18 00:00:00
redhat
redhat
(RHSA-2018:0998) Moderate: openssl security and bug fix update
2018-04-10 05:05:23
centos
centos
openssl security update
2018-04-26 17:48:29
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2017-12-14 00:00:00
suse
suse
Security update for openssl (important)
2017-12-16 15:07:17
Security update for openssl (important)
2017-12-16 06:08:45
amazon
amazon
Medium: openssl
2018-05-10 17:29:00
0.002 Low
EPSS
Percentile
54.3%
Related for 1AA4689F61391429998123661409491C7FFF90C591FBB12E8BE2CA2BE514C7C6