Lucene search
IBM8976330D24BA16C6597AF93C67C2A46121ECFA13975E064BAC48376E8563DA89HistoryJun 17, 2018 - 5:05 a.m.
Security Bulletin: Vulnerabilities in OpenSSL affect Rational Automation Framework (CVE-2015-1790)
2018-06-1705:05:14
www.ibm.com
21
0.433 Medium
EPSS
Percentile
97.4%
Summary
OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by Rational Automation Framework. Rational Automation Framework has addressed the applicable CVEs.
Vulnerability Details
CVEID: CVE-2015-1790
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103780 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Affected Products and Versions
Rational Automation Framework 3.0.1, 3.0.1.1, 3.0.1.2.x, 3.0.1.3.x on all supported platforms.
Remediation/Fixes
Upgrade to RAF 3.0.1.3 ifix5 or later.
Workarounds and Mitigations
None
Related
openssl
openssl
Vulnerability in OpenSSL CVE-2015-1790
2015-06-11 00:00:00
f5
f5
SOL16898 - PKCS #7 vulnerability CVE-2015-1790
2015-07-07 00:00:00
K16898 : PKCS #7 vulnerability CVE-2015-1790
2015-09-16 00:00:00
debiancve
debiancve
CVE-2015-1790
2015-06-12 19:59:03
nvd
nvd
CVE-2015-1790
2015-06-12 19:59:03
cve
cve
CVE-2015-1790
2015-06-12 19:59:03
nessus
nessus
F5 Networks BIG-IP : PKCS #7 vulnerability (SOL16898)
2016-01-28 00:00:00
RHEL 5 : openssl (RHSA-2015:1197) (Logjam)
2015-06-30 00:00:00
Oracle Linux 5 : openssl (ELSA-2015-1197) (Logjam)
2015-07-01 00:00:00
veracode
veracode
Denial Of Service (DoS) Through Null Pointer Dereference
2017-02-10 07:01:24
Denial Of Service (DoS)
2019-05-02 05:39:36
prion
prion
Null pointer dereference
2015-06-12 19:59:00
cvelist
cvelist
CVE-2015-1790
2015-06-12 00:00:00
ubuntucve
ubuntucve
CVE-2015-1790
2015-06-11 00:00:00
openvas
openvas
F5 BIG-IP - PKCS #7 vulnerability CVE-2015-1790
2015-09-18 00:00:00
Cisco ASA Multiple OpenSSL Vulnerabilities (cisco-sa-20150612-openssl)
2015-11-25 00:00:00
SUSE: Security Advisory for OpenSSL (SUSE-SU-2015:1183-2)
2015-10-16 00:00:00
centos
centos
openssl security update
2015-07-02 12:10:41
openssl security update
2015-06-15 20:01:35
suse
suse
Security update for OpenSSL (important)
2015-07-03 15:05:22
Security update for OpenSSL (important)
2015-07-03 20:08:44
Security update for OpenSSL (important)
2015-07-03 14:05:21
redhat
redhat
(RHSA-2015:1197) Moderate: openssl security update
2015-06-30 00:00:00
(RHSA-2015:1115) Moderate: openssl security update
2015-06-15 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Rational Insight (CVE-2015-4000, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792)
2018-06-17 05:04:30
slackware
slackware
[slackware-security] openssl
2015-06-11 23:01:09
fedora
fedora
[SECURITY] Fedora 22 Update: openssl-1.0.1k-10.fc22
2015-06-21 00:19:25
[SECURITY] Fedora 22 Update: openssl-1.0.1k-11.fc22
2015-07-13 19:18:15
[SECURITY] Fedora 21 Update: openssl-1.0.1k-11.fc21
2015-07-13 19:12:30
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.1k-alt3
2015-06-15 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt3
2015-06-15 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt3
2015-06-15 00:00:00
mageia
mageia
Updated openssl package fixes security vulnerabilities
2015-06-19 16:33:05
cisco
cisco
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
2015-06-12 16:00:00
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2015-06-13 00:00:00
[USN-2639-1] OpenSSL vulnerabilities
2015-06-13 00:00:00
osv
osv
openssl - security update
2015-06-17 00:00:00
openssl - security update
2015-06-13 00:00:00
archlinux
archlinux
openssl: multiple issues
2015-06-12 00:00:00
oraclelinux
oraclelinux
openssl security update
2015-06-30 00:00:00
openssl security update
2015-06-15 00:00:00
openssl security update
2015-12-14 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-06-11 00:00:00
debian
debian
[SECURITY] [DLA 247-1] openssl security update
2015-06-17 21:46:50
[SECURITY] [DSA 3287-1] openssl security update
2015-06-13 14:32:55
fortinet
fortinet
OpenSSL vulnerabilities - June 2015
2015-06-11 00:00:00
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-07-15 00:20:05
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2015-06-22 00:00:00
paloalto
paloalto
OpenSSL Vulnerabilities
2016-10-18 00:00:00
OpenSSL Vulnerabilities
2016-08-15 00:00:00
freebsd
freebsd
openssl -- multiple vulnerabilities
2015-06-11 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:10.openssl
2015-06-12 00:00:00
amazon
amazon
Medium: openssl
2015-06-16 11:29:00
arista
arista
Security Advisory 0011
2015-06-17 00:00:00
symantec
symantec
SA98 : OpenSSL Security Advisory 11-June-2015
2015-06-17 08:00:00
0.433 Medium
EPSS
Percentile
97.4%
Related for 8976330D24BA16C6597AF93C67C2A46121ECFA13975E064BAC48376E8563DA89