IBM Support

Security Bulletin: IBM Security Guardium is aware of a GnuTLS vulnerability

Created by Ofra Shinitzky on
Published URL:
https://www.ibm.com/support/pages/node/872468

Summary

IBM Security Guardium is aware of the following vulnerabilities.

Vulnerability Details

CVE-2018-10846, CVE-2018-10845, CVE-2018-10844

Affected Products and Versions

Affected IBM Security Guardium | Affected Versions
IBM Security Guardium | 9 - 9.5
IBM Security Guardium | 10 - 10.5

Remediation/Fixes

Product | VRMF | Remediation / First Fix
IBM Security Guardium | 9-9.5 | N/A
IBM Security Guardium | 10-10.5 | N/A

Workarounds and Mitigations

IBM Security Guardium is aware of these GnuTLS vulnerabilities. They exist in a third-party component that IBM Security Guardium consumes. The third-party vendor has indicated that it will not fix the versions of the component that IBM Security Guardium consumes.
IBM suggests that customers using the Remote Syslog feature of the IBM Security Guardium appliance ensure that their Remote Syslog servers are at the latest kernel patch levels to mitigate any possible risk from these vulnerabilities.

References

Change History

Feb 19, 2019: Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

Document Information

Modified date:
19 February 2019

UID

ibm10872468