A vulnerability in OpenSSL used by IBM InfoSphere Information Server was addressed.
CVEID: CVE-2019-1551
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. By performing a man-in-the-middle attack, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172752 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
InfoSphere Information Server | 11.7 |
InfoSphere Information Server | 11.5 |
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
InfoSphere Information Server, Information Server on Cloud | 11.7 | JR62788 | Upgrade to DataDirect ODBC drivers version 7.1.6; use TechNote to choose which OpenSSL version the drivers will use; use TechNote to follow additional post installation configuration steps |
InfoSphere Information Server, Information Server on Cloud | 11.5 | JR62788 | Upgrade to DataDirect ODBC drivers version 7.1.6; use TechNote to choose which OpenSSL version the drivers will use; use TechNote to follow additional post installation configuration steps |
None.
Note that some of the prior security fixes could be mitigated by disabling the use of Diffie-Hellman, DSA, ECDSA, and ECDH ciphers.