SymmetricalDataSecurity: IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to SWEET32 Birthday attack (CVE-2016-2183)

Thursday, February 23, 2017

IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to SWEET32 Birthday attack (CVE-2016-2183)

A security vulnerability affects IBM MQ and IBM MQ Appliance, that could allow an attacker to obtain sensitive information when using a channel CipherSpec that uses the Triple-DES algorithm. The affected CipherSpecs are: – TRIPLE_DES_SHA_US – FIPS_WITH_3DES_EDE_CBC_SHA – ECDHE_ECDSA_3DES_EDE_CBC_SHA256 – ECDHE_RSA_3DES_EDE_CBC_SHA256

CVE(s): CVE-2016-2183

Affected product(s) and affected version(s):

The following versions are affected:

IBM MQ
IBM MQ Appliance
IBM WebSphere MQ
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2mglwAM
X-Force Database: http://ift.tt/2dR3VyC

The post IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to SWEET32 Birthday attack (CVE-2016-2183) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2mgaaNg

SymmetricalDataSecurity

Thursday, February 23, 2017

IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to SWEET32 Birthday attack (CVE-2016-2183)

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews