Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5A3DD1CA1DE13141292D272CF30633991A0D2B5C23FD731A72F0BBDD2A5765F1
HistoryJul 24, 2020 - 10:19 p.m.

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for Microsoft Windows (CVE-2014-3508, CVE-2014-3511)

2020-07-2422:19:08
www.ibm.com
26
openssl
ibm sterling connect:direct
microsoft windows
vulnerabilities
remote attacker
sensitive information
security restrictions
tls 1.0
downgrade
patch
fix

EPSS

0.009

Percentile

83.1%

JSON

Summary

There are multiple vulnerabilities in OpenSSL that is used by IBM Sterling Connect:Direct for Microsoft Windows. These issues were disclosed on August 6, 2014 by the OpenSSL Project.

Vulnerability Details

CVE-ID: CVE-2014-3508

DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in OBJ_obj2txt. If applications echo pretty printing output, an attacker could exploit this vulnerability to read information from the stack.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95165&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE-ID: CVE-2014-3511

DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by the negotiation of TLS 1.0 instead of higher protocol versions by the OpenSSL SSL/TLS server code when handling a badly fragmented ClientHello message. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to TLS 1.0.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95162&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Sterling Connect:Direct for Microsoft Windows 4.5.00, 4.5.01 and 4.6.0

Remediation/Fixes

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
IBM Sterling Connect:Direct for Microsoft Windows| 4.5.00| IT04643| Apply 4.5.00 patch 054, available on IWM
IBM Sterling Connect:Direct for Microsoft Windows| 4.5.01| IT04643| Apply 4.5.01 patch 020, available on IWM
IBM Sterling Connect:Direct for Microsoft Windows| 4.6.0| IT04643| Apply 4.6.0.5, available on Fix Central

Workarounds and Mitigations

None known

Related

nessus 55
ibm 38
cvelist 3
cve 3
f5 4
prion 3
veracode 2
debiancve 2
openssl 2
nvd 3
ubuntucve 2
checkpoint_advisories 1
openvas 35
centos 2
redhat 5
oraclelinux 6
freebsd_advisory 1
ubuntu 1
huawei 1
osv 2
debian 2
kaspersky 1
securityvulns 2
slackware 1
mageia 1
freebsd 1
aix 1
amazon 1
altlinux 5
fedora 8
gentoo 1
suse 2
lenovo 2
nessus
nessus
Oracle Solaris Third-Party Patch Update : openssl (cve_2014_3508_information_disclosure)
2015-01-19 00:00:00
F5 Networks BIG-IP : TLS vulnerability (SOL15564)
2014-10-10 00:00:00
CentOS 6 / 7 : openssl (CESA-2014:1052)
2014-08-14 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System FC5022 16Gb SAN Scalable Switch Firmware (CVE-2014-3508, CVE-2014-3509, CVE-2014-3511)
2019-01-31 01:55:01
Security Bulletin: Vulnerabilities in OpenSSL affect IBM QRadar SIEM (CVE-2014-3567, CVE-2014-3568, CVE-2014-3508, CVE-2014-3511)
2022-02-23 17:02:11
Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ Advanced Message Security for IBM i platform (CVE-2014-3508)
2018-06-15 07:01:35
cvelist
cvelist
CVE-2014-3508
2014-08-13 23:00:00
CVE-2014-3511
2014-08-13 23:00:00
CVE-2015-5334
2020-01-23 19:56:11
cve
cve
CVE-2014-3508
2014-08-13 23:55:07
CVE-2014-3511
2014-08-13 23:55:07
CVE-2015-5334
2020-01-23 20:15:12
f5
f5
K15571 : OpenSSL vulnerability CVE-2014-3508
2014-09-05 00:00:00
SOL15571 - OpenSSL vulnerability CVE-2014-3508
2014-09-05 00:00:00
SOL15564 - TLS vulnerability CVE-2014-3511
2014-09-05 00:00:00
prion
prion
Design/Logic Flaw
2014-08-13 23:55:00
Design/Logic Flaw
2014-08-13 23:55:00
Stack overflow
2020-01-23 20:15:00
veracode
veracode
Information Disclosure
2017-02-07 01:12:09
Man-in-the-Middle (MitM)
2017-02-07 00:57:09
debiancve
debiancve
CVE-2014-3508
2014-08-13 23:55:07
CVE-2014-3511
2014-08-13 23:55:07
openssl
openssl
Vulnerability in OpenSSL - Information leak in pretty printing functions
2014-08-06 00:00:00
Vulnerability in OpenSSL - OpenSSL TLS protocol downgrade attack
2014-08-06 00:00:00
nvd
nvd
CVE-2014-3508
2014-08-13 23:55:07
CVE-2014-3511
2014-08-13 23:55:07
CVE-2015-5334
2020-01-23 20:15:12
ubuntucve
ubuntucve
CVE-2014-3508
2014-08-07 00:00:00
CVE-2014-3511
2014-08-07 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL TLS Protocol Downgrade Attack (CVE-2014-3511)
2014-11-10 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2014-1052)
2015-10-06 00:00:00
RedHat Update for openssl RHSA-2014:1052-01
2014-08-14 00:00:00
CentOS Update for openssl CESA-2014:1052 centos6
2014-08-14 00:00:00
centos
centos
openssl security update
2014-08-13 20:10:43
openssl security update
2014-08-13 19:52:24
redhat
redhat
(RHSA-2014:1054) Moderate: openssl security update
2014-08-14 00:00:00
(RHSA-2014:1052) Moderate: openssl security update
2014-08-13 00:00:00
(RHSA-2015:0197) Moderate: rhevm-spice-client security and bug fix update
2014-07-25 00:00:00
oraclelinux
oraclelinux
openssl security update
2014-08-13 00:00:00
openssl security update
2014-08-13 00:00:00
openssl security update
2014-10-16 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:18.openssl
2014-09-09 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-08-07 00:00:00
huawei
huawei
Security Advisory-9 OpenSSL vulnerabilities on Huawei products
2014-10-08 00:00:00
osv
osv
openssl - security update
2014-08-07 00:00:00
libcrypto38-2.5.0-1.1 on GA media
2024-06-15 00:00:00
debian
debian
[SECURITY] [DSA 2998-1] openssl security update
2014-08-06 23:44:13
[DLA 33-1] openssl security update
2014-08-07 20:36:09
kaspersky
kaspersky
KLA10343 Multiple vulnerabilities in Stunnel
2014-08-07 00:00:00
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2014-08-07 00:00:00
Qualys Security Advisory - LibreSSL &#40;CVE-2015-5333 and CVE-2015-5334&#41;
2015-10-19 00:00:00
slackware
slackware
[slackware-security] openssl
2014-08-08 21:22:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2014-08-12 13:16:46
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2014-08-06 00:00:00
aix
aix
AIX OpenSSL Denial of Service due to double free and others
2014-09-09 00:50:00
amazon
amazon
Medium: openssl
2014-08-07 12:26:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20
2014-08-09 07:36:05
[SECURITY] Fedora 19 Update: openssl-1.0.1e-39.fc19
2014-08-09 07:34:58
[SECURITY] Fedora 20 Update: mingw-openssl-1.0.1j-1.fc20
2015-01-02 05:03:10
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2014-12-26 00:00:00
suse
suse
Security update for compat-openssl097g (important)
2015-03-24 00:05:09
Security update for libopenssl0_9_8 (important)
2016-03-03 14:11:44
lenovo
lenovo
Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51

EPSS

0.009

Percentile

83.1%

JSON
Related for 5A3DD1CA1DE13141292D272CF30633991A0D2B5C23FD731A72F0BBDD2A5765F1
nessus55ibm38cvelist3cve3f54prion3veracode2debiancve2openssl2nvd3ubuntucve2checkpoint_advisories1openvas35centos2redhat5oraclelinux6freebsd_advisory1ubuntu1huawei1osv2debian2kaspersky1securityvulns2slackware1mageia1freebsd1aix1amazon1altlinux5fedora8gentoo1suse2lenovo2