Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM6C2CD836C8803E429B442ABD7452FC4EB3DBD559D22D6177037208BD7B434947
HistoryDec 18, 2019 - 5:54 p.m.

Security Bulletin: Multiple Vulnerabilities in GnuTLS affects IBM Watson Studio Local

2019-12-1817:54:07
www.ibm.com
16

EPSS

0.006

Percentile

78.2%

JSON

Summary

Multiple Vulnerabilities in GnuTLS affects IBM Watson Studio Local

Vulnerability Details

CVEID:CVE-2018-10844
**DESCRIPTION:**It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148731 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2018-10845
**DESCRIPTION:**It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148730 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2018-10846
**DESCRIPTION:**A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of “Just in Time” Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148725 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Watson Studio - Local 1.2.3

Remediation/Fixes

Product VRMF Remediation/First Fix
IBM Watson Studio Local 2.1 <https://www.ibm.com/software/passportadvantage/pao_customer.html&gt;
IBM Cloud Pak for Data 2.5 <https://www.ibm.com/software/passportadvantage/pao_customer.html&gt;

Workarounds and Mitigations

None

Related

nessus 33
openvas 24
redhat 2
debian 1
ibm 6
oraclelinux 1
amazon 1
centos 1
osv 5
mageia 1
suse 2
fedora 2
ubuntucve 3
ubuntu 1
cloudfoundry 1
redhatcve 3
cvelist 3
prion 3
cve 3
veracode 4
debiancve 3
nvd 3
nessus
nessus
Amazon Linux 2 : gnutls (ALAS-2018-1120)
2018-12-10 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : gnutls Multiple Vulnerabilities (NS-SA-2019-0068)
2019-08-12 00:00:00
Oracle Linux 7 : gnutls (ELSA-2018-3050)
2018-11-07 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1560-1)
2018-11-04 00:00:00
Mageia: Security Advisory (MGASA-2018-0435)
2022-01-28 00:00:00
Fedora: Security Advisory for mingw-gnutls (FEDORA-2020-d14280a6e8)
2020-05-11 00:00:00
redhat
redhat
(RHSA-2018:3050) Moderate: gnutls security, bug fix, and enhancement update
2018-10-30 04:12:52
(RHSA-2018:3505) Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image
2018-11-06 15:39:03
debian
debian
[SECURITY] [DLA 1560-1] gnutls28 security update
2018-10-30 16:34:01
ibm
ibm
Security Bulletin: Vulnerabilities in GnuTLS affect PowerKVM
2018-12-17 14:20:01
Security Bulletin: IBM Security Guardium is aware of a GnuTLS vulnerability
2019-02-19 20:20:01
Security Bulletin: Vulnerability in GnuTLS affects Power Hardware Management Console ( CVE-2018-10845 CVE-2018-10844)
2021-09-22 23:05:38
oraclelinux
oraclelinux
gnutls security, bug fix, and enhancement update
2018-11-05 00:00:00
amazon
amazon
Medium: gnutls
2018-12-06 20:25:00
centos
centos
gnutls security update
2018-12-14 16:36:35
osv
osv
gnutls28 - security update
2018-10-30 00:00:00
CVE-2018-10845
2018-08-22 13:29:00
CVE-2018-10844
2018-08-22 13:29:00
mageia
mageia
Updated gnutls packages fix security vulnerabilities
2018-11-03 14:55:18
suse
suse
Security update for gnutls (moderate)
2018-09-25 15:11:36
Security update for gnutls (moderate)
2018-10-01 12:08:01
fedora
fedora
[SECURITY] Fedora 31 Update: mingw-gnutls-3.6.13-1.fc31
2020-05-08 04:01:03
[SECURITY] Fedora 32 Update: mingw-gnutls-3.6.13-1.fc32
2020-05-08 02:45:52
ubuntucve
ubuntucve
CVE-2018-10846
2018-08-22 00:00:00
CVE-2018-10845
2018-08-22 00:00:00
CVE-2018-10844
2018-08-22 00:00:00
ubuntu
ubuntu
GnuTLS vulnerabilities
2019-05-30 00:00:00
cloudfoundry
cloudfoundry
USN-3999-1: GnuTLS vulnerabilities | Cloud Foundry
2019-06-18 00:00:00
redhatcve
redhatcve
CVE-2018-10846
2019-12-27 03:27:35
CVE-2018-10845
2019-12-31 21:25:54
CVE-2018-10844
2020-01-16 15:27:45
cvelist
cvelist
CVE-2018-10845
2018-08-22 13:00:00
CVE-2018-10846
2018-08-22 13:00:00
CVE-2018-10844
2018-08-22 13:00:00
prion
prion
Code injection
2018-08-22 13:29:00
Cross site scripting
2018-08-22 13:29:00
Code injection
2018-08-22 13:29:00
cve
cve
CVE-2018-10845
2018-08-22 13:29:00
CVE-2018-10844
2018-08-22 13:29:00
CVE-2018-10846
2018-08-22 13:29:00
veracode
veracode
Side-Channel Attack
2018-11-01 03:10:27
Timing Attack
2018-08-23 08:49:33
Timing Attack
2019-01-15 09:26:53
debiancve
debiancve
CVE-2018-10846
2018-08-22 13:29:00
CVE-2018-10844
2018-08-22 13:29:00
CVE-2018-10845
2018-08-22 13:29:00
nvd
nvd
CVE-2018-10846
2018-08-22 13:29:00
CVE-2018-10844
2018-08-22 13:29:00
CVE-2018-10845
2018-08-22 13:29:00

EPSS

0.006

Percentile

78.2%

JSON
Related for 6C2CD836C8803E429B442ABD7452FC4EB3DBD559D22D6177037208BD7B434947
nessus33openvas24redhat2debian1ibm6oraclelinux1amazon1centos1osv5mageia1suse2fedora2ubuntucve3ubuntu1cloudfoundry1redhatcve3cvelist3prion3cve3veracode4debiancve3nvd3