Allele Security Alert
ASA-2019-00250
Identifier(s)
ASA-2019-00250, CVE-2018-1608
Title
Use weaker than expected cryptographic algorithms
Vendor(s)
IBM
Product(s)
IBM Rational Engineering Lifecycle Manager
Affected version(s)
IBM Rational Engineering Lifecycle Manager 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4,6.0.5 and 6.0.6
Fixed version(s)
Rational Collaborative Lifecycle Management 6.0.6.1 or later
Proof of concept
Unknown
Description
IBM Rational Engineering Lifecycle Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Technical details
Unknown
Credits
Unknown
Reference(s)
Security Bulletin: Security vulnerability affects Rational Engineering Lifecycle Manager
https://www-01.ibm.com/support/docview.wss?uid=ibm10882778
IBM Rational Engineering Lifecycle Manager information disclosure
https://exchange.xforce.ibmcloud.com/vulnerabilities/143798
Collaborative Lifecycle Management 6.0.6.1
https://jazz.net/downloads/clm/releases/6.0.6.1
CVE-2018-1608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1608
CVE-2018-1608
https://nvd.nist.gov/vuln/detail/CVE-2018-1608
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: May 4, 2019