CVE-2015-0138 — Use of a Broken or Risky Cryptographic Algorithm in IBM Tivoli Directory Server

CWE-310 CWE-327 — Use of a Broken or Risky Cryptographic Algorithm5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.9%

top 24.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Directory Server

Timeline

PublishedMar 25

Latest updateMay 17

Description

GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerabi…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/tivoli_directory_server6.0.0.73+139

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-wff6-5qmg-74j3: GSKit in IBM Tivoli Directory Server (ITDS) 6↗2022-05-17

▶

CVEList

CVE-2015-0138: GSKit in IBM Tivoli Directory Server (ITDS) 6↗2015-03-25

▶

📋Vendor Advisories

Red Hat

JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)↗2015-03-11

▶

💬Community

Bugzilla

CVE-2015-0138 IBM JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)↗2015-05-06

▶