NEWS T3 23 Sterling Connect:Direct for UNIX is vulnerable to remote sensitive information exposure due to IBM GSKit

IBM Sterling Connect:Direct for UNIX is vulnerable to remote sensitive information exposure due to IBM GSKit

IBM Sterling Connect:Direct for UNIX uses IBM GSKit for product configuration and data transmission, and is therefore impacted by a remote sensitive information exposure vulnerability in IBM GSKit. IBM Sterling Connect:Direct for UNIX has upgraded IBM GSKit to version 8.0.55.31 to address the issue.
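
As an added example (not part of IBM's bulletin), the following POSIX shell functions compare a GSKit version string against the fixed level 8.0.55.31 named above, field by field and numerically, so that 8.0.55.9 is correctly treated as older than 8.0.55.31. The function names and status labels are hypothetical, and the version string is assumed to have been collected from the installation by other means.

```shell
#!/bin/sh
# Added example: classify a GSKit version string against the fixed level
# named in this bulletin. Names and labels here are hypothetical.
GSKIT_FIXED="8.0.55.31"

# is_version V: succeed only for dotted numeric strings such as 8.0.55.31.
is_version() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    return 0
}

# version_lt A B: return 0 if A < B, 1 if A >= B, 2 if either is malformed.
# Fields are compared as integers; missing trailing fields count as 0.
# POSIX sh has no "local", so a, b, fa, fb are plain globals.
version_lt() {
    is_version "$1" && is_version "$2" || return 2
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        # Drop the field just read from each string.
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1
}

# gskit_status V: print below-fix, at-or-above-fix, or unparseable.
gskit_status() {
    rc=0
    version_lt "$1" "$GSKIT_FIXED" || rc=$?
    case $rc in
        0) echo "below-fix" ;;
        1) echo "at-or-above-fix" ;;
        *) echo "unparseable" ;;
    esac
}

# Constructed sample version strings (not taken from the bulletin).
for v in 8.0.55.9 8.0.55.31 8.0.60.1 8.0.x; do
    printf '%s\t%s\n' "$v" "$(gskit_status "$v")"
done
```

A plain string comparison would rank 8.0.55.9 above 8.0.55.31, which is why each field is compared as an integer.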

CVEID: CVE-2023-32342
Description: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.9
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

Workarounds and Mitigations

None. 