OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVE(s): CVE-2016-2183
Affected product(s) and affected version(s):
IBM Content Collector for Email v3.0
IBM Content Collector for Email v4.0
IBM Content Collector for Email v4.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2jQkPz7
X-Force Database: http://ift.tt/2dR3VyC
from IBM Product Security Incident Response Team http://ift.tt/2jQkuMO
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.