Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM58D1C563CB775148507F9B1FF6B4577BD0232A23F8EF13B6474F4859DECE1C4E
HistoryFeb 05, 2020 - 12:53 a.m.

Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to a Robot Security Vulnerability (CVE-2017-6168)

2020-02-0500:53:36
www.ibm.com
11

0.003 Low

EPSS

Percentile

65.9%

JSON

Summary

IBM Sterling B2B Integrator is vulnerable to a robot security vulnerability. This could allow an attacker to obtain encrypted data in clear text.

Vulnerability Details

CVEID: CVE-2017-6168 DESCRIPTION: F5 BIG-IP virtual servers configured with a Client SSL profile could allow a remote attacker to obtain sensitive information, caused by an RSA Adaptive Chosen Ciphertext (Bleichenbacher) attack. An attacker can exploit this vulnerability to obtain the data in the encrypted messages once the TLS session has completed. Note: This vulnerability is also known as the ROBOT attack.
CVSS Base Score: 9.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135008&gt;

for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2 - 5.2.5

Remediation/Fixes

PRODUCT & Version

|

APAR

|

Remediation/Fix

—|—|—

IBM Sterling B2B Integrator 5.2 - 5.2.5

| IT24190 |

1. Apply Fix Pack 5020500_18 or 5020603_5 available on

Fix Central

2. Download 5.2.5-OtherSoftware-SI-All-SSL-4.3.7.103 from

Fix Central

3. Unzip ssl-4.3.7.103.zip and put three jars to <SI_Install_Dir>/jdk/jre/lib/ext

4. Restart IBM Sterling B2B Integrator

Workarounds and Mitigations

None

Related

cve 1
cvelist 1
nvd 1
nessus 2
f5 1
prion 1
cert 1
checkpoint_advisories 1
ibm 1
cve
cve
CVE-2017-6168
2017-11-17 19:29:00
cvelist
cvelist
CVE-2017-6168
2017-11-17 19:00:00
nvd
nvd
CVE-2017-6168
2017-11-17 19:29:00
nessus
nessus
F5 Networks BIG-IP : BIG-IP SSL vulnerability (K21905460) (ROBOT)
2017-11-20 00:00:00
Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure
2019-11-08 00:00:00
f5
f5
K21905460 : BIG-IP SSL vulnerability CVE-2017-6168
2017-11-17 00:00:00
prion
prion
Code injection
2017-11-17 19:29:00
cert
cert
TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding
2017-12-12 00:00:00
checkpoint_advisories
checkpoint_advisories
ROBOT TLS_RSA Scanning Attempt (CVE-2012-5081; CVE-2016-6883; CVE-2017-1000385; CVE-2017-12373; CVE-2017-13098; CVE-2017-13099; CVE-2017-17382; CVE-2017-17427; CVE-2017-17428; CVE-2017-17841; CVE-2017-6168)
2017-12-17 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities Impact IBM Predictive Insights
2020-09-08 20:36:15

0.003 Low

EPSS

Percentile

65.9%

JSON
Related for 58D1C563CB775148507F9B1FF6B4577BD0232A23F8EF13B6474F4859DECE1C4E
cve1cvelist1nvd1nessus2f51prion1cert1checkpoint_advisories1ibm1