Security Bulletin
Summary
A security vulnerability has been discovered in OpenSSL (shipped with IBM Rational Insight) that was reported on June 5, 2014 by the OpenSSL Project. A newer version of this library is made available for resolving this vulnerability.
Vulnerability Details
CVE ID: CVE-2014-0224
Description: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic.
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93586 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Affected Products and Versions
Rational Insight 1.0.1, 1.0.1 iFix1, 1.0.1.1, 1.1, 1.1.1, 1.1.1.1, 1.1.1.2, 1.1.1.3 and 1.1.1.4
Remediation/Fixes
The recommended solution is to apply the fixes listed below to all affected versions of Rational Insight as soon as practical.
Rational Insight 1.0.1, 1.0.1 iFix1 and 1.0.1.1
- Download and install the Cognos Business Intelligence 8.4.1 Interim Fix 6. Review document 4037867: Cognos Business Intelligence 8.4.1 interim fixes address a security vulnerability for the detailed instructions.
Rational Insight 1.1, 1.1.1, 1.1.1.1 and 1.1.1.2
- Download and install the Cognos Business Intelligence 10.1.1 Interim Fix 7. Review document 4037974: Cognos Business Intelligence 10.1.x interim fixes address a security vulnerability for the detailed instructions.
Note: The Cognos fix package is installed into the cognos subdirectory of the Insight installation.
Rational Insight 1.1.1.3 and 1.1.1.4
- Download and install the Cognos Business Intelligence 10.2.1 Interim Fix 6. Review document 4037870: Cognos Business Intelligence 10.2.x interim fixes address a security vulnerability for the detailed instructions.
Note: The Cognos fix package is installed into the cognos subdirectory of the Insight installation.
Workarounds and Mitigations
None
References
Acknowledgement
None
Change History
* 21 July 2014: Revised with new patch information for some releases.
* 14 July 2014: Original copy published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
Advisory # 1790 Record # 39369
Document Information
Modified date: 16 June 2018
UID: swg21676542