Jan 25, 2019 9:02 am EST
Categorized: Low Severity
Share this post:
IBM MessageSight has addressed the following vulnerability. OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. An attacker could exploit this vulnerability using variations in the signing algorithm to recover the private key.
CVE(s): CVE-2018-0734
Affected product(s) and affected version(s):
| Affected IBM MessageSight | Affected Versions |
|---|---|
| IBM MessageSight | 2.0.0.0 – 2.0.0.2 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10796086
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152085
from IBM Product Security Incident Response Team https://ibm.co/2Wkrp1T
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.