Nov 18, 2020 7:01 pm EST
Categorized: Medium Severity
Share this post:
The Transport Layer Security (TLS) protocol contains a flaw that is triggered when handling DiffieHellman key exchanges defined with the DHE_EXPORT cipher. A man-in-the middle attacker may be able to downgrade the session to use EXPORT_DHE cipher suites. Thus, it is recommended to remove support for weak cipher suites.
Affected product(s) and affected version(s):
IBM Cloud Pak for Data Streams 3.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6370029