History: Apr 27, 2022 - 10:23 a.m.

Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL

2022-04-27 10:23:01
www.ibm.com

EPSS: 0.008 (Low), Percentile: 82.3%

Summary

The vulnerabilities CVE-2020-1968, CVE-2020-1971, CVE-2021-23839, CVE-2021-23840 and CVE-2021-23841 have been addressed in the latest interim fix (iFix), available on Fix Central for all 3 affected versions.

Vulnerability Details

**CVEID:** CVE-2020-1968
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite, an attacker could exploit this vulnerability to eavesdrop on all encrypted communications sent over that TLS connection.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187977 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| InfoSphere Master Data Management | 11.5, 11.6, 12.0 |

Remediation/Fixes

This issue with OpenSSL has been resolved, and the fix is available on Fix Central as an iFix for clients to apply.
Depending on the version a client is running, they should apply the latest iFix package available for the 3 impacted MDM versions: 11.5.0, 11.6.0 and 12.0.

Workarounds and Mitigations

None

Affected configurations

Vulners node (vendor `ibm`, product `infosphere_master_data_management`), matching version 11.5 OR 11.6 OR 12.0