ASA-2019-00250 – IBM Rational Engineering Lifecycle Manager: Use weaker than expected cryptographic algorithms

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00250

Identifier(s)

ASA-2019-00250, CVE-2018-1608

Title

Use weaker than expected cryptographic algorithms

Vendor(s)

IBM

Product(s)

IBM Rational Engineering Lifecycle Manager

Affected version(s)

IBM Rational Engineering Lifecycle Manager 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4,6.0.5 and 6.0.6

Fixed version(s)

Rational Collaborative Lifecycle Management 6.0.6.1 or later

Proof of concept

Unknown

Description

IBM Rational Engineering Lifecycle Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Technical details

Unknown

Credits

Unknown

Reference(s)

Security Bulletin: Security vulnerability affects Rational Engineering Lifecycle Manager
https://www-01.ibm.com/support/docview.wss?uid=ibm10882778

IBM Rational Engineering Lifecycle Manager information disclosure
https://exchange.xforce.ibmcloud.com/vulnerabilities/143798

Collaborative Lifecycle Management 6.0.6.1
https://jazz.net/downloads/clm/releases/6.0.6.1

CVE-2018-1608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1608

CVE-2018-1608
https://nvd.nist.gov/vuln/detail/CVE-2018-1608

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: May 4, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.