Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM43EF9BC4B1A6B364F17E996DD161926D138459405597DCA8872EA7121211BC66
HistoryDec 19, 2018 - 8:55 p.m.

Security Bulletin: a CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis known as Variant 4 or SpectreNG vulnerability affects IBM

2018-12-1920:55:02
www.ibm.com
11

0.003 Low

EPSS

Percentile

65.2%

JSON

Summary

IBM Security Guardium has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2018-3639 DESCRIPTION: Multiple Intel CPU’'s could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to bypass security restrictions and gain read access to privileged memory. Note: This vulnerability is the Speculative Store Bypass (SSB), also known as Variant 4 or “SpectreNG”.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143569&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Affected Products and Versions

Affected IBM Security Guardium

|

Affected Versions

—|—
IBM Security Guardium | 10.0 - 10.5

Remediation/Fixes

Product

|

VRMF

|

Remediation / First Fix

—|—|—
IBM Security Guardium | 10.0 - 10.5 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=10.0&amp;platform=All&amp;function=fixId&amp;fixids=SqlGuard_10.0p520_Bundle_Dec-06-2018&amp;includeSupersedes=0&amp;source=fc

Workarounds and Mitigations

None

Related

ibm 4
openvas 29
nessus 95
oraclelinux 9
centos 8
amazon 5
kaspersky 2
zdt 1
suse 2
photon 1
osv 2
redhat 24
f5 1
fedora 5
virtuozzo 1
mageia 1
debian 1
citrix 1
debiancve 1
msrc 1
veracode 1
nvd 1
vmware 1
ubuntu 1
cvelist 1
cve 1
ibm
ibm
Security Bulletin: IBM Cloud Manager is affected by the vulnerabilities known as SpectreNG (CVE-2018-3639)
2018-08-08 04:13:55
Security Bulletin: IBM has released the following fixes for AIX and VIOS in response to Speculative Store Bypass (SSB), also known as Variant 4.
2018-08-17 23:06:03
Security Bulletin: IBM Netezza Host Management is affected by the vulnerability known as Variant 4 or SpectreNG.
2019-10-18 03:36:34
openvas
openvas
Mageia: Security Advisory (MGASA-2018-0262)
2022-01-28 00:00:00
CentOS Update for qemu-img CESA-2018:1633 centos7
2018-05-23 00:00:00
Fedora Update for java-1.8.0-openjdk FEDORA-2019-ec644ec323
2019-05-07 00:00:00
nessus
nessus
RHEL 7 : qemu-kvm-rhev (RHSA-2019:0148)
2024-04-27 00:00:00
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:1378-1) (Spectre)
2018-05-23 00:00:00
RHEL 6 : kernel (RHSA-2018:1651)
2018-05-23 00:00:00
oraclelinux
oraclelinux
libvirt security update
2018-05-22 00:00:00
java-1.7.0-openjdk security update
2018-05-22 00:00:00
kernel security and bug fix update
2018-05-22 00:00:00
centos
centos
java security update
2018-05-22 18:16:51
kernel, perf, python security update
2018-05-22 15:35:50
java security update
2018-05-22 15:32:03
amazon
amazon
Important: java-1.7.0-openjdk
2018-06-08 18:32:00
Important: java-1.7.0-openjdk
2018-06-08 18:05:00
Important: java-1.8.0-openjdk
2018-06-08 18:10:00
kaspersky
kaspersky
KLA11893 Microsoft Advisory for Microsoft Products (ESU)
2018-05-21 00:00:00
KLA11030 Speculative Store Bypass and Rogue System Register Read vulnerabilities in Microsoft Surface Products
2018-05-21 00:00:00
zdt
zdt
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Exploit
2018-05-23 00:00:00
suse
suse
Security update for libvirt (important)
2018-06-09 15:07:56
Security update for libvirt (moderate)
2018-08-13 12:07:25
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0151
2018-06-22 00:00:00
osv
osv
xen - security update
2018-05-25 00:00:00
CVE-2018-3639
2018-05-22 12:29:00
redhat
redhat
(RHSA-2018:1648) Important: java-1.7.0-openjdk security update
2018-05-21 21:13:32
(RHSA-2018:1642) Important: kernel-rt security update
2018-05-21 23:03:53
(RHSA-2018:1654) Important: qemu-kvm-rhev security update
2018-05-21 23:03:56
f5
f5
K29146534 : SSB Variant 4 vulnerability CVE-2018-3639
2018-07-10 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc29
2019-02-11 01:57:50
[SECURITY] Fedora 28 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc28
2019-02-25 01:34:09
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.212.b04-0.fc29
2019-05-03 03:43:22
virtuozzo
virtuozzo
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1; Virtuozzo 6.0 Update 12 Hotfix 25 (6.0.12-3705)
2018-05-23 00:00:00
mageia
mageia
Updated libvirt packages fix security vulnerability
2018-05-31 23:34:08
debian
debian
[SECURITY] [DSA 4210-1] xen security update
2018-05-25 05:00:47
citrix
citrix
CVE-2018-3639 - Citrix XenServer Security Update
2018-05-22 04:00:00
debiancve
debiancve
CVE-2018-3639
2018-05-22 12:29:00
msrc
msrc
Analysis and mitigation of speculative store bypass (CVE-2018-3639)
2018-05-21 07:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:22:18
nvd
nvd
CVE-2018-3639
2018-05-22 12:29:00
vmware
vmware
VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.
2018-05-21 00:00:00
ubuntu
ubuntu
QEMU update
2018-06-12 00:00:00
cvelist
cvelist
CVE-2018-3639
2018-05-21 00:00:00
cve
cve
CVE-2018-3639
2018-05-22 12:29:00

0.003 Low

EPSS

Percentile

65.2%

JSON
Related for 43EF9BC4B1A6B364F17E996DD161926D138459405597DCA8872EA7121211BC66
ibm4openvas29nessus95oraclelinux9centos8amazon5kaspersky2zdt1suse2photon1osv2redhat24f51fedora5virtuozzo1mageia1debian1citrix1debiancve1msrc1veracode1nvd1vmware1ubuntu1cvelist1cve1