Low Severity

Security Bulletin: IBM Cloud Pak for Security (CP4S) uses weaker than expected cryptographic algorithms (CVE-2020-4624)

Share this post:

IBM Cloud Pak for Security (CP4S) uses weaker than expected cryptographic algorithms during negotiation, which could allow an attacker to decrypt sensitive information. TLS 1.0 and 1.1 is not disabled by default in CP4S 1.3.0.1.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Cloud Pak for Security (CP4S) 1.3.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6372532

More stories

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow 

Feb 27, 2021 7:00 pm EST | Low Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow . ...read more


Security Bulletin: IBM Cloud Private is vulnerable to a Java vulnerability (CVE-2020-14782)

Feb 26, 2021 7:01 pm EST | Low Severity

IBM Cloud Private is vulnerable to a Java vulnerability ...read more


Security Bulletin: Vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

Feb 24, 2021 7:00 pm EST | Low Severity

Vulnerabilities in the Linux Kernel such as execution of arbitrary code, denial of service, bypassing security restrictions, and obtaining or disclosing of information may affect IBM Spectrum Protect Plus. ...read more