A flaw in the JSSE component causes cipher suites to be offered in the wrong order, with some weaker cipher suites ahead of stronger cipher suites. The fix ensures that stronger cipher suites are offered before weaker cipher suites.
CVEID:CVE-2021-35550
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Control Center | 6.1.3 |
IBM Control Center | 6.2.1.0 |
IBM Control Center | 6.2.0.0 |
Product
|
VRMF
|
iFix
|
Remediation
—|—|—|—
IBM Control Center
|
6.1.3.0
|
iFix12
|
IBM Control Center
|
6.2.0.0
|
iFix16
|
Fix Central - 6.2.0.0 (ETA by 3-25-2022)
IBM Control Center
|
6.2.1.0
|
iFix06
|
Fix Central - 6.2.1.0 (ETA by 3-25-2022)
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm control center | eq | 6.2.0.0 | |
ibm control center | eq | 6.2.1.0 | |
ibm control center | eq | 6.1.3.0 |