Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD0917105241B3AF403EBCBDA7A2973304A787219E1BA33B2EC05560FF0A404EE
HistoryFeb 05, 2020 - 12:53 a.m.

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling B2B Integrator

2020-02-0500:53:36
www.ibm.com
60

EPSS

0.59

Percentile

97.8%

JSON

Summary

OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Sterling B2B Integrator. IBM Sterling B2B Integrator has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2016-2179**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted DTLS record fragments to fill up buffer queues, a remote attacker could exploit this vulnerability to open a large number of simultaneous connections and consume all available memory resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/116343&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-2181**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the DTLS replay protection implementation. By sending a specially crafted sequence number, a remote attacker could exploit this vulnerability to cause valid packets to be dropped.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/116344&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-6304**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by multiple memory leaks in t1_lib.c during session renegotiation. By sending an overly large OCSP Status Request extension, a remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117110&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-2183**
DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the in the Triple-DES on 64-bit block cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/116337&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2

Remediation/Fixes

Product & Version

| Remediated Fix
—|—
IBM Sterling B2B Integrator 5.2| SWIFTNet Customers must upgrade their current version of OpenSSL to version 1.0.1u

Workarounds and Mitigations

None

Related

threatpost 1
nessus 40
ibm 41
openvas 34
altlinux 5
cloudfoundry 2
suse 8
redhat 2
ubuntu 2
mageia 1
osv 6
oraclelinux 1
centos 1
debian 2
archlinux 2
zdt 1
f5 5
alpinelinux 3
veracode 4
hackerone 2
ubuntucve 3
cvelist 3
cve 4
openssl 3
debiancve 3
nvd 4
redhatcve 2
prion 4
aix 1
checkpoint_advisories 2
amazon 1
fortinet 1
slackware 1
fedora 2
freebsd_advisory 1
freebsd 1
threatpost
threatpost
OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack
2016-09-23 15:47:13
nessus
nessus
Arista Networks EOS 4.17 Multiple Vulnerabilities (SA0024) (SWEET32)
2018-02-28 00:00:00
Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20160927)
2016-09-29 00:00:00
openSUSE Security Update : compat-openssl098 (openSUSE-2016-1189)
2016-10-17 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere Cast Iron Solution
2019-11-18 13:57:34
Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM
2018-06-18 01:33:47
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand,
2018-12-08 04:55:34
openvas
openvas
RedHat Update for openssl RHSA-2016:1940-01
2016-10-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2458-1)
2021-06-09 00:00:00
CentOS Update for openssl CESA-2016:1940 centos6
2016-10-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.2i-alt1
2016-09-22 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2i-alt1
2016-09-22 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.2i-alt1
2016-09-22 00:00:00
cloudfoundry
cloudfoundry
USN-3087-2 OpenSSL Regression | Cloud Foundry
2016-09-28 00:00:00
CVE-2016-2183: Birthday attacks against TLS ciphers with 64bit block size | Cloud Foundry
2019-10-24 00:00:00
suse
suse
Security update for compat-openssl098 (important)
2016-10-06 20:09:29
Security update for openssl (important)
2016-10-05 18:09:41
Security update for compat-openssl098 (important)
2016-10-14 15:09:07
redhat
redhat
(RHSA-2016:1940) Important: openssl security update
2016-09-27 11:50:45
(RHSA-2016:2802) Important: openssl security update
2016-11-17 12:52:35
ubuntu
ubuntu
OpenSSL regression
2016-09-23 00:00:00
OpenSSL vulnerabilities
2016-09-22 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2016-10-12 01:12:20
osv
osv
openssl - security update
2016-09-22 00:00:00
openssl - regression update
2016-09-22 00:00:00
openssl - security update
2016-09-25 00:00:00
oraclelinux
oraclelinux
openssl security update
2016-09-27 00:00:00
centos
centos
openssl security update
2016-09-28 14:48:04
debian
debian
[SECURITY] [DSA 3673-1] openssl security update
2016-09-22 16:50:14
[SECURITY] [DLA 637-1] openssl security update
2016-09-25 11:55:01
archlinux
archlinux
[ASA-201609-24] lib32-openssl: multiple issues
2016-09-26 00:00:00
[ASA-201609-23] openssl: multiple issues
2016-09-26 00:00:00
zdt
zdt
OpenSSL OCSP Status Request Extension Unbounded Memory Growth Vulnerability
2016-10-21 00:00:00
f5
f5
SOL54211024 - OpenSSL vulnerability CVE-2016-6304
2016-11-02 00:00:00
K54211024 : OpenSSL vulnerability CVE-2016-6304
2016-11-02 00:00:00
K59298921 : OpenSSL vulnerability CVE-2016-2181
2016-10-28 00:00:00
alpinelinux
alpinelinux
CVE-2016-6304
2016-09-26 19:59:00
CVE-2016-2179
2016-09-16 05:59:00
CVE-2016-2181
2016-09-16 05:59:01
veracode
veracode
Denial Of Service (DoS)
2017-01-26 01:52:41
Denial Of Service (DoS)
2017-01-26 06:11:40
Denial Of Service (DoS)
2017-02-03 06:21:34
hackerone
hackerone
Internet Bug Bounty: OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
2017-03-29 01:24:57
Legal Robot: SWEET32 TLS attack
2017-01-18 18:03:52
ubuntucve
ubuntucve
CVE-2016-6304
2016-09-22 00:00:00
CVE-2016-2181
2016-09-16 00:00:00
CVE-2016-2179
2016-09-16 00:00:00
cvelist
cvelist
CVE-2016-6304
2016-09-26 00:00:00
CVE-2016-2181
2016-09-16 00:00:00
CVE-2016-2179
2016-09-16 00:00:00
cve
cve
CVE-2016-6304
2016-09-26 19:59:00
CVE-2016-2179
2016-09-16 05:59:00
CVE-2016-2181
2016-09-16 05:59:01
openssl
openssl
Vulnerability in OpenSSL - DTLS replay protection DoS
2016-08-19 00:00:00
Vulnerability in OpenSSL - OCSP Status Request extension unbounded memory growth
2016-09-22 00:00:00
Vulnerability in OpenSSL - DTLS buffered message DoS
2016-08-22 00:00:00
debiancve
debiancve
CVE-2016-2181
2016-09-16 05:59:01
CVE-2016-6304
2016-09-26 19:59:00
CVE-2016-2179
2016-09-16 05:59:00
nvd
nvd
CVE-2016-2181
2016-09-16 05:59:01
CVE-2016-6304
2016-09-26 19:59:00
CVE-2016-2179
2016-09-16 05:59:00
redhatcve
redhatcve
CVE-2016-2179
2016-08-23 15:19:28
CVE-2016-2181
2016-08-22 14:19:01
prion
prion
Design/Logic Flaw
2016-09-16 05:59:00
Design/Logic Flaw
2016-09-26 19:59:00
Design/Logic Flaw
2016-09-16 05:59:00
aix
aix
Vulnerabilities in OpenSSL affect AIX
2016-11-14 13:29:26
checkpoint_advisories
checkpoint_advisories
OpenSSL OCSP Extension Unbounded Memory Denial of Service (CVE-2016-6304)
2016-09-22 00:00:00
Weak SSL 3DES Cipher Suites (CVE-2016-2183)
2016-09-25 00:00:00
amazon
amazon
Medium: openssl
2016-10-12 17:00:00
fortinet
fortinet
OpenSSL Security Advisory [22 Sept 2016]
2017-04-03 00:00:00
slackware
slackware
[slackware-security] openssl
2016-09-22 18:53:12
fedora
fedora
[SECURITY] Fedora 25 Update: openssl-1.0.2j-1.fc25
2016-10-09 03:28:42
[SECURITY] Fedora 23 Update: openssl-1.0.2j-1.fc23
2016-10-11 23:24:05
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:26.openssl
2016-09-23 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2016-09-22 00:00:00

EPSS

0.59

Percentile

97.8%

JSON
Related for D0917105241B3AF403EBCBDA7A2973304A787219E1BA33B2EC05560FF0A404EE
threatpost1nessus40ibm41openvas34altlinux5cloudfoundry2suse8redhat2ubuntu2mageia1osv6oraclelinux1centos1debian2archlinux2zdt1f55alpinelinux3veracode4hackerone2ubuntucve3cvelist3cve4openssl3debiancve3nvd4redhatcve2prion4aix1checkpoint_advisories2amazon1fortinet1slackware1fedora2freebsd_advisory1freebsd1