OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVE(s): CVE-2016-2183
Affected product(s) and affected version(s):
Content Collector for IBM Connections v3.0
Content Collector for IBM Connections v4.0
Content Collector for IBM Connections v4.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2jyQUrV
X-Force Database: http://ift.tt/2dR3VyC
from IBM Product Security Incident Response Team http://ift.tt/2jQjkAS
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.