The Windows and z/OS Security Identity Adapters are now upgraded to a more current release to correct CVE (CVE-2018-0737) “OpenSSL RSA Key generation algorithm information disclosure”.
CVEID: CVE-2018-0737 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a cache-timing side channel attack in the RSA Key generation algorithm. An attacker with access to mount cache timing attacks during the RSA key generation process could exploit this vulnerability to recover the private key and obtain sensitive information.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141679> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
IBM Security Identity Manager v6.0 Adapters for Windows and z/OS platforms
Security Identity Adapters v7.x for Windows and z/OS platforms
Obtain the latest GA levels of 6.0 or 7.x adapters, as found on the Fix Link pages listed below: