IBM has addressed the relevant CVE (CVE-2020-1968)
CVEID:CVE-2020-1968
**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite, an attacker could exploit this vulnerability to eavesdrop on all encrypted communications sent over that TLS connection.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187977 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM DataPower Gateway | 2018.4.1.0-20180401015 |
Affected Release | Fixed in release | APAR |
---|---|---|
IBM DataPower Gateway 2018.4.1 | 2018.4.1.16 | IT26029 |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm datapower gateway | eq | 2018.4.1 |