Allele Security Alert
ASA-2019-00251
Identifier(s)
ASA-2019-00251, CVE-2013-1624
Title
Bouncy Castle CBC information disclosure
Vendor(s)
IBM
Product(s)
IBM Planning Analytics
Affected version(s)
IBM Planning Analytics 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5 and 2.0.6
Fixed version(s)
IBM Planning Analytics 2.0.7
Proof of concept
Unknown
Description
Bouncy Castle could allow a remote attacker to obtain sensitive information, caused by the exposure of timing differences during padding check verification by the CBC ciphersuite of the Transport Layer Security (TLS) implementation. An attacker could exploit this vulnerability using a timing attack to recover the original plaintext and obtain sensitive information.
Technical details
Unknown
Credits
Unknown
Reference(s)
Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics
https://www-01.ibm.com/support/docview.wss?uid=ibm10879407
Bouncy Castle CBC information disclosure
https://exchange.xforce.ibmcloud.com/vulnerabilities/81910
CVE-2013-1624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1624
CVE-2013-1624
https://nvd.nist.gov/vuln/detail/CVE-2013-1624
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: May 3, 2019