Low Severity

Security Bulletin: IBM Cloud Pak for Security (CP4S) uses weaker than expected cryptographic algorithms (CVE-2020-4624)

Nov 25, 2020 7:00 pm EST

Categorized: Low Severity

Share this post:

IBM Cloud Pak for Security (CP4S) uses weaker than expected cryptographic algorithms during negotiation, which could allow an attacker to decrypt sensitive information. TLS 1.0 and 1.1 is not disabled by default in CP4S 1.3.0.1.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Cloud Pak for Security (CP4S) 1.3.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6372532


Previous Post

Security Bulletin: IBM Network Performance Insight is affected by Apache Commons Codec vulnerability

Next Post

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center
More stories

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow 

Feb 27, 2021 7:00 pm EST | Low Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow . ...read more

Security Bulletin: IBM Cloud Private is vulnerable to a Java vulnerability (CVE-2020-14782)

Feb 26, 2021 7:01 pm EST | Low Severity

IBM Cloud Private is vulnerable to a Java vulnerability ...read more

Security Bulletin: Vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

Feb 24, 2021 7:00 pm EST | Low Severity

Vulnerabilities in the Linux Kernel such as execution of arbitrary code, denial of service, bypassing security restrictions, and obtaining or disclosing of information may affect IBM Spectrum Protect Plus. ...read more