Medium Severity
Security Bulletin: TLS Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam) vulnerability in IBM Cloud Pak for Data Streams
Nov 18, 2020 7:01 pm EST
The Transport Layer Security (TLS) protocol contains a flaw that is triggered when handling Diffie-Hellman key exchanges defined with the DHE_EXPORT cipher. A man-in-the-middle attacker may be able to downgrade the session to use EXPORT_DHE cipher suites. Thus, it is recommended to remove support for weak cipher suites.
Affected product(s) and affected version(s):
IBM Cloud Pak for Data Streams 3.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6370029
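A detection-side check for the downgrade described above, as an added example that is not part of the IBM bulletin or of any IBM product code: it parses a captured ServerHello and reports when the selected suite is a DHE_EXPORT code point or was never offered by the client. The function names are hypothetical, the code points come from the IANA TLS registry rather than from this page, and the ServerHello bytes are constructed sample input assumed to fit in one unfragmented record.

```python
import struct

# IANA code points of the two DHE_*_EXPORT suites (from the TLS registry,
# not listed on this page).
DHE_EXPORT_SUITES = {
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def build_server_hello(suite):
    """Constructed sample input: a minimal TLS 1.2 ServerHello record."""
    # server_version, 32-byte random, empty session_id, suite, null compression
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake

def selected_suite(record):
    """Return the cipher suite code point chosen in a ServerHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    msg = record[5:5 + rec_len]
    # handshake header (4) + server_version (2) + random (32) = 38 bytes,
    # followed by the one-byte session_id length
    if len(msg) < 39 or msg[0] != 0x02:
        raise ValueError("not a complete ServerHello")
    off = 39 + msg[38]  # skip the session_id itself
    if off + 2 > len(msg):
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", msg[off:off + 2])[0]

def check_negotiation(offered, record):
    """Return findings for one handshake; an empty list means nothing flagged."""
    suite = selected_suite(record)
    findings = []
    if suite in DHE_EXPORT_SUITES:
        findings.append("server selected " + DHE_EXPORT_SUITES[suite])
    if suite not in offered:
        findings.append("selected suite 0x%04x was not offered by the client" % suite)
    return findings

if __name__ == "__main__":
    client_offer = [0xC02F, 0x009E]  # constructed: modern ECDHE/DHE GCM suites only
    for chosen in (0x009E, 0x0014):
        print(hex(chosen), check_negotiation(client_offer, build_server_hello(chosen)))
```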