Open Source OpenSSL is vulnerable to a publicly disclosed vulnerability
CVEID: CVE-2018-5407
**Description:**Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive information, caused by execution engine sharing on Simultaneous Multithreading (SMT) architecture. By using the PortSmash new side-channel attack, an attacker could run a malicious process next to legitimate processes using the architectures parallel thread running capabilities to leak encrypted data from the CPU’s internal processes. Note: This vulnerability is known as PortSmash.
**CVSS Base Score:**5.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152484> for the current score
**CVSS Environmental Score:***Undefined
**CVSS Vector:**CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
IBM QRadar SIEM 7.3.0 - 7.3.2 Patch 1
QRadar / QRM / QVM / QRIF / QNI 7.3.2 Patch 2
None