OpenSSL vulnerabilities were disclosed on January 28, 2016 by the OpenSSL Project. OpenSSL is used by WebSphere Cast Iron Cloud Integration, has addressed the applicable CVEs.
CVEID: CVE-2015-3197**
DESCRIPTION:** OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by an error related to the negotiation of disabled SSLv2 ciphers by malicious SSL/TLS clients. An attacker could exploit this vulnerability to conduct man-in-the-middle attacks.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110235 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
This vulnerability affects all versions of the product
WebSphere Cast Iron v 7.5.x,
WebSphere Cast Iron v 7.0.0.x,
WebSphere Cast Iron v 6.4.0.x
WebSphere Cast Iron v 6.3.0.x
WebSphere Cast Iron v 6.1.0.x
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
Cast Iron Appliance| 7.5.x| LI79166| iFix 7.5.1.0-CUMUIFIX-003
Cast Iron Appliance| 7.0.0.x| LI79166| iFix 7.0.0.2-CUMUIFIX-030
Cast Iron Appliance| 6.4.0.x| LI79166| iFix 6.4.0.1-CUMUIFIX-038
Cast Iron Appliance| 6.3.0.x| LI79166| iFix 6.3.0.2-CUMUIFIX-021
Cast Iron Appliance| 6.1.0.x| LI79166| iFix 6.1.0.15-CUMUIFIX-028
None