CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score: 7 High (Confidence: High)
EPSS: 0.068 Low (Percentile: 93.9%)
Multiple security problems exist in the IBM GSKit libraries that IBM Informix and IBM Informix ClientSDK use to provide communications security and other cryptographic functionality.
**CVE ID:** CVE-2012-2190
DESCRIPTION:
GSKit allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol.
CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/75994 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
**CVE ID:** CVE-2012-2191
DESCRIPTION:
GSKit does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer.
CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/75996 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
**CVE ID:** CVE-2012-2203
DESCRIPTION:
GSKit uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.
CVSS:
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/77280 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
AFFECTED PRODUCTS:
IBM Informix 11.50.xC9W2 or earlier
IBM Informix 11.70.xC6 or earlier
IBM Informix ClientSDK 3.50.xC9W2 or earlier
IBM Informix ClientSDK 3.70.xC6 or earlier
REMEDIATION:
Upgrade to the latest fixpack for the products.
Fix(es):
The fix is available in these versions at Fix Central:
IBM Informix 11.50 - upgrade to Informix 11.50.xC9W3 or later
IBM Informix 11.70 - upgrade to Informix 11.70.xC7 or later
IBM Informix ClientSDK 3.50 - upgrade to CSDK 3.50.xC9W3 or later
IBM Informix ClientSDK 3.70 - upgrade to CSDK 3.70.xC7 or later
Workaround(s): None known.
Mitigation(s): None known.
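To triage an estate against the affected and fixed levels listed above, the following added example (not part of IBM's bulletin) classifies installed version strings. It assumes versions follow the `<branch>.<platform letter>C<level>[W<patch>]` layout the bulletin uses with `x` as the platform placeholder; the function names and the inventory are constructed for illustration.

```python
import re

# First fixed level per branch, copied from the bulletin's fix list:
# (C-level, W-patch); a missing W suffix counts as patch 0.
FIRST_FIXED = {
    ("server", "11.50"): (9, 3),   # Informix 11.50.xC9W3
    ("server", "11.70"): (7, 0),   # Informix 11.70.xC7
    ("csdk", "3.50"): (9, 3),      # CSDK 3.50.xC9W3
    ("csdk", "3.70"): (7, 0),      # CSDK 3.70.xC7
}

# Assumed layout: <branch>.<platform letter>C<level>[W<patch>], any suffix ignored.
VERSION_RE = re.compile(r"^(\d+\.\d+)\.[A-Za-z]C(\d+)(?:W(\d+))?")

def classify(product, version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one install."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"            # never guess: send to manual review
    branch, level, patch = m.group(1), int(m.group(2)), int(m.group(3) or 0)
    fixed = FIRST_FIXED.get((product, branch))
    if fixed is None:
        return "not-listed"          # the bulletin says nothing about this branch
    return "fixed" if (level, patch) >= fixed else "affected"

def triage(inventory):
    """Group (host, product, version) rows by classification."""
    report = {}
    for host, product, version in inventory:
        report.setdefault(classify(product, version), []).append(host)
    return report

# Constructed inventory for illustration; hosts and versions are made up.
SAMPLE_INVENTORY = [
    ("db01", "server", "11.70.FC6"),
    ("db02", "server", "11.70.UC7"),
    ("db03", "server", "11.50.FC9W2"),
    ("db04", "server", "11.50.FC9W3"),
    ("app01", "csdk", "3.70.TC5"),
    ("app02", "csdk", "3.50.UC9"),
    ("db05", "server", "12.10.FC1"),
    ("db06", "server", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Branches the bulletin does not list come back as `not-listed` rather than `fixed`, so they are checked against other advisories instead of being assumed safe.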
REFERENCES:
RELATED INFORMATION:
CHANGE HISTORY: 2013-04-12 Original version published.
_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash._
_Note:_ According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
CPE Name | Operator | Version |
---|---|---|
informix servers | eq | 11.7 |
informix servers | eq | 11.70 |