Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM88A09A4D8908DB4DC379DED30A49E878DD6D35049F0F339D3E46C425E07ED738
HistoryDec 18, 2019 - 2:26 p.m.

Security Bulletin: IBM i is affected by GSKIT vulnerability CVE-2018-1388

2019-12-1814:26:38
www.ibm.com
54

0.002 Low

EPSS

Percentile

53.1%

JSON

Summary

IBM i GSKIT is vulnerable to this security vulnerability. IBM i has addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-1388 DESCRIPTION: GSKit V7 may disclose side channel information via discrepencies between valid and invalid PKCS#1 padding.
CVSS Base Score: 9.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138212 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

Releases 7.1, 7.2 and 7.3 of IBM i are affected.

Remediation/Fixes

The issue can be fixed by applying a PTF to IBM i.

Releases 7.1, 7.2 and 7.3 of IBM i are supported and will be fixed.

http://www-933.ibm.com/support/fixcentral/

The IBM i PTF numbers are:

Release 7.1 – MF64537 Release 7.2 – MF64536 Release 7.3 – MF64534

_Important note: _IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm ieq7.1.0

Related

nessus 2
ibm 12
prion 1
nvd 1
cve 1
cvelist 1
aix 1
nessus
nessus
IBM HTTP Server 7.0.0.0 <= 7.0.0.43 Information Disclosure (567509)
2021-01-06 00:00:00
IBM WebSphere MQ 7.0.1.x ROBOT Vulnerability
2018-03-20 00:00:00
ibm
ibm
Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2018-1388)
2018-06-15 07:08:57
Security Bulletin: IBM Security Directory Server is affected by a vulnerability in GSKit
2018-12-12 15:35:01
Security Bulletin: WebSphere MQ is vulnerable to disclosing side channel information via discrepencies between valid and invalid PKCS#1 padding. ROBOT. (CVE-2018-1388)
2018-06-15 07:08:50
prion
prion
Information disclosure
2018-02-07 17:29:00
nvd
nvd
CVE-2018-1388
2018-02-07 17:29:01
cve
cve
CVE-2018-1388
2018-02-07 17:29:01
cvelist
cvelist
CVE-2018-1388
2018-02-01 00:00:00
aix
aix
Vulnerabilities in GSKit affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX
2018-12-14 12:09:04

0.002 Low

EPSS

Percentile

53.1%

JSON
Related for 88A09A4D8908DB4DC379DED30A49E878DD6D35049F0F339D3E46C425E07ED738
nessus2ibm12prion1nvd1cve1cvelist1aix1