OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVE(s): CVE-2016-2183
Affected product(s) and affected version(s):
IBM Content Collector for Microsoft SharePoint v3.0
IBM Content Collector for Microsoft SharePoint v4.0
IBM Content Collector for Microsoft SharePoint v4.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2jyPVYE
X-Force Database: http://ift.tt/2dR3VyC
from IBM Product Security Incident Response Team http://ift.tt/2jQmZij
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.