Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM35CE36470C6858208CBE35C645C86A8D11D93A44B60AA51330017D13664912F6
HistoryDec 07, 2023 - 10:45 p.m.

Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 and LCM8 & LCM16 KVM Switch Firmware (CVE-2018-0732 CVE-2019-1559)

2023-12-0722:45:03
www.ibm.com
7
openssl vulnerabilities
ibm firmware
gcm16
gcm32
lcm8
lcm16
kvm switch
fix central

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.042 Low

EPSS

Percentile

92.3%

JSON

Summary

IBM GCM16 & GCM32 and LCM8 & LCM16 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL.

Vulnerability Details

CVEID:CVE-2018-0732
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS handshake. By spending an unreasonably long period of time generating a key for this prime, a remote attacker could exploit this vulnerability to cause the client to hang.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144658&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. An attacker could exploit this vulnerability using a 0-byte record padding-oracle attack to decrypt traffic.
CVSS Base Score: 5.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157514&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Affected Products and Versions

Product

|

Version

—|—

LCM8 & LCM16 KVM Switch Firmware

| v1.0

GCM16 & GCM32 KVM Switch Firmware

|

v2.0

Remediation/Fixes

Firmware fix versions are available on Fix Central: [http://www.ibm.com/support/fixcentral/](<http://www.ibm.com/support/fixcentral/ >)[ ](<http://www.ibm.com/support/fixcentral/ >)

Product

|

Fix Version

—|—

LCM8 & LCM16 KVM Switch Firmware

(ibm_fw_lcm8_lcm16_v1.2.50.00_anyos_noarch)

| v1.2.50.00

GCM16 & GCM32 KVM Switch Firmware

(ibm_fw_gcm16_gcm32_v2.4.0.25463_anyos_noarch)

|

v2.4.0.25463

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmpureapplication_systemMatchany
OR
ibmflex_system_managerMatchany
OR
ibmpureapplication_systemMatchany

Related

oraclelinux 1
ibm 47
freebsd 2
cloudfoundry 1
suse 8
nessus 55
osv 4
veracode 3
redhat 1
redhatcve 2
paloalto 1
openvas 33
ubuntu 1
centos 1
cve 2
ubuntucve 2
f5 2
alpinelinux 2
archlinux 2
debian 2
debiancve 2
altlinux 1
aix 2
hackerone 1
symantec 2
nvd 2
cvelist 2
amazon 1
slackware 1
openssl 2
mageia 1
qualysblog 1
prion 2
tenable 2
broadcom 2
gentoo 1
ics 1
checkpoint_advisories 1
oraclelinux
oraclelinux
openssl security update
2019-08-14 00:00:00
ibm
ibm
Security Bulletin:IBM Security Identity Adapters has released a fix in response to the OpenSSL vulnerabilities
2019-07-30 21:50:34
Security Bulletin: IBM Cloud Private for Data is affected by a vulnerabilty in OpenSSL (CVE-2019-1559)
2019-10-03 22:50:40
Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability
2020-10-06 20:41:11
freebsd
freebsd
OpenSSL -- Padding oracle vulnerability
2019-02-19 00:00:00
OpenSSL -- Client DoS due to large DH parameter
2018-06-12 00:00:00
cloudfoundry
cloudfoundry
USN-3899-1: OpenSSL vulnerability | Cloud Foundry
2019-03-21 00:00:00
suse
suse
Security update for openssl (moderate)
2019-04-08 00:00:00
Security update for openssl-1_0_0 (moderate)
2019-05-22 00:00:00
Security update for openssl-1_1 (moderate)
2018-07-28 15:09:18
nessus
nessus
FreeBSD : OpenSSL -- Padding oracle vulnerability (7700061f-34f7-11e9-b95c-b499baebfeaf)
2019-02-21 00:00:00
SUSE SLED15 / SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2019:0600-1)
2019-03-13 00:00:00
Debian DLA-1701-1 : openssl security update
2019-03-04 00:00:00
osv
osv
openssl1.0 - security update
2019-02-28 00:00:00
openssl - security update
2019-03-01 00:00:00
CVE-2019-1559
2019-02-27 23:29:00
veracode
veracode
Padding Oracle Attack
2019-03-01 01:32:23
Denial Of Service (DoS)
2018-06-13 03:48:25
Denial Of Service (DoS)
2019-01-15 09:24:14
redhat
redhat
(RHSA-2019:2471) Moderate: openssl security update
2019-08-13 14:07:51
redhatcve
redhatcve
CVE-2019-1559
2019-10-08 17:49:09
CVE-2018-0732
2018-06-14 05:18:51
paloalto
paloalto
OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS
2019-12-04 17:00:00
openvas
openvas
openSUSE: Security Advisory for openssl (openSUSE-SU-2019:1175-1)
2019-04-09 00:00:00
OpenSSL: 0-byte record padding oracle (CVE-2019-1559) - Linux
2019-02-27 00:00:00
openSUSE: Security Advisory for openssl-1_0_0 (openSUSE-SU-2019:1105-1)
2019-04-03 00:00:00
ubuntu
ubuntu
OpenSSL vulnerability
2019-02-27 00:00:00
centos
centos
openssl security update
2019-08-16 21:53:45
cve
cve
CVE-2019-1559
2019-02-27 23:29:00
CVE-2018-0732
2018-06-12 13:29:00
ubuntucve
ubuntucve
CVE-2019-1559
2019-02-26 00:00:00
CVE-2018-0732
2018-06-12 00:00:00
f5
f5
K18549143 : OpenSSL vulnerability CVE-2019-1559
2019-03-19 00:00:00
K21665601 : OpenSSL vulnerability CVE-2018-0732
2018-07-20 00:00:00
alpinelinux
alpinelinux
CVE-2019-1559
2019-02-27 23:29:00
CVE-2018-0732
2018-06-12 13:29:00
archlinux
archlinux
[ASA-201903-2] openssl-1.0: information disclosure
2019-03-02 00:00:00
[ASA-201903-6] lib32-openssl-1.0: information disclosure
2019-03-03 00:00:00
debian
debian
[SECURITY] [DSA 4400-1] openssl1.0 security update
2019-02-28 22:13:35
[SECURITY] [DLA 1701-1] openssl security update
2019-03-01 22:55:06
debiancve
debiancve
CVE-2019-1559
2019-02-27 23:29:00
CVE-2018-0732
2018-06-12 13:29:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.2r-alt1
2019-03-20 00:00:00
aix
aix
There is a vulnerability in OpenSSL used by AIX.
2019-04-16 10:48:55
Vulnerability in OpenSSL affects AIX (CVE-2018-0732)
2018-09-19 08:44:29
hackerone
hackerone
Internet Bug Bounty: Client DoS due to large DH parameter (CVE-2018-0732)
2018-06-12 11:15:31
symantec
symantec
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12 00:00:00
OpenSSL CVE-2019-1559 Information Disclosure Vulnerability
2019-02-26 00:00:00
nvd
nvd
CVE-2018-0732
2018-06-12 13:29:00
CVE-2019-1559
2019-02-27 23:29:00
cvelist
cvelist
CVE-2018-0732 Client DoS due to large DH parameter
2018-06-12 00:00:00
CVE-2019-1559 0-byte record padding oracle
2019-02-26 00:00:00
amazon
amazon
Medium: openssl
2018-10-30 20:50:00
slackware
slackware
[slackware-security] openssl (slackware 14.2)
2019-02-27 04:12:59
openssl
openssl
Vulnerability in OpenSSL CVE-2019-1559
2019-02-26 00:00:00
Vulnerability in OpenSSL CVE-2018-0732
2018-06-12 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerability
2019-03-07 19:34:45
qualysblog
qualysblog
Zombie POODLE and GOLDENDOODLE Vulnerabilities
2019-04-22 08:40:40
prion
prion
Design/Logic Flaw
2019-02-27 23:29:00
Design/Logic Flaw
2018-06-12 13:29:00
tenable
tenable
[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities
2018-10-23 21:15:12
[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities
2018-10-23 21:15:12
broadcom
broadcom
CVE-2018-0732. Client DoS due to large DH parameter.
2022-09-13 00:00:00
CVE-2018-0732. Client DoS due to large DH parameter.
2022-09-13 00:00:00
gentoo
gentoo
OpenSSL: Denial of service
2018-11-09 00:00:00
ics
ics
Siemens TIM 1531 IRC
2021-06-08 12:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL Denial of Service (CVE-2018-0732)
2019-02-17 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.042 Low

EPSS

Percentile

92.3%

JSON
Related for 35CE36470C6858208CBE35C645C86A8D11D93A44B60AA51330017D13664912F6
oraclelinux1ibm47freebsd2cloudfoundry1suse8nessus55osv4veracode3redhat1redhatcve2paloalto1openvas33ubuntu1centos1cve2ubuntucve2f52alpinelinux2archlinux2debian2debiancve2altlinux1aix2hackerone1symantec2nvd2cvelist2amazon1slackware1openssl2mageia1qualysblog1prion2tenable2broadcom2gentoo1ics1checkpoint_advisories1