Vulnerability CVE-2014-8176 - CERT Civis.Net

Vulnerability Name:

CVE-2014-8176 (CCN-103782)

Assigned:

2014-10-10

Published:

2015-06-11

Updated:

2022-12-13

Summary:

The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.

CVSS v3 Severity:

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2014-8176

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2016-2957
Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Cisco Security Advisory ID: cisco-sa-20150612-openssl
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin 1963438
Vulnerabilities in OpenSSL including Logjam affect IBM Security Identity Governance

Source: CCN
Type: IBM Security Bulletin T1022444
PowerKVM is affected by OpenSSL vulnerabilities (multiple CVEs)

Source: CCN
Type: IBM Security Bulletin T1022527
Vulnerabilities in OpenSSL including Logjam affect IBM GPFS V3.5 for Windows (CVE-2015-4000, CVE-2015-1793, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)

Source: CCN
Type: IBM Security Bulletin T1022647
Vulnerabilities in OpenSSL affect IBM Cloud Manager with OpenStack (CVE-2014-8176 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792)

Source: CCN
Type: IBM Security Bulletin T1022655
Vulnerabilities in OpenSSL affect IBM SmartCloud Entry (CVE-2014-8176 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792)

Source: CCN
Type: IBM Security Bulletin T1022724
OpenSSL vulnerabilities affect IBM SmartCloud Entry

Source: CCN
Type: IBM Security Bulletin T1023117
Multiple Vulnerabilities in OpenSSL including Logjam affect IBM Flex System Manager (FSM)

Source: CCN
Type: IBM Security Bulletin N1020840
Vulnerabilities in OpenSSL including Logjam affect IBM i

Source: CCN
Type: IBM Security Bulletin N1020862
Vulnerabilities in Open SSL affect Power Hardware Management Console (CVE-2014-8176,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-3216)

Source: CCN
Type: IBM Security Bulletin S1005313
Vulnerabilities in OpenSSL affect IBM SONAS (CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)

Source: CCN
Type: IBM Security Bulletin S1005314
Vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified (CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)

Source: CCN
Type: IBM Security Bulletin S1009687 (Data ONTAP)
Vulnerabilities in OpenSSL affect multiple N series products

Source: CCN
Type: IBM Security Bulletin 1959308
Vulnerabilities in OpenSSL including Logjam affect Sterling Connect:Express for UNIX (CVE-2015-4000, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)

Source: CCN
Type: IBM Security Bulletin 1959518
Vulnerabilities in OpenSSL including Logjam affect IBM SDK for Node.js

Source: CCN
Type: IBM Security Bulletin 1960157
Vulnerabilities in OpenSSL affected IBM Workflow for Bluemix (CVE-2015-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)

Source: CCN
Type: IBM Security Bulletin 1961438
Vulnerabilities in OpenSSL including Logjam affect IBM SDK for Node.js in IBM Bluemix

Source: CCN
Type: IBM Security Bulletin 1961454
Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection

Source: CCN
Type: IBM Security Bulletin 1961569
Vulnerabilities in OpenSSL including Logjam affect Rational Application Developer for WebSphere Software (CVE-2015-1791, CVE-2015-1792, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790)

Source: CCN
Type: IBM Security Bulletin 1961837
Vulnerabilities in OpenSSL including Logjam affect Rational Software Architect and Rational Software Architect for Websphere Software

Source: CCN
Type: IBM Security Bulletin 1962039
Multiple vulnerabilities in OpenSSL affect IBM Security Network Intrusion Prevention System

Source: CCN
Type: IBM Security Bulletin 1962519
IBM Security AppScan Enterprise is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 1962520
IBM Rational Policy Tester is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 1962623
Vulnerabilities in OpenSSL including Logjam affect IBM Security Access Manager for Mobile.

Source: CCN
Type: IBM Security Bulletin 1962726
IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 1963096
Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web

Source: CCN
Type: IBM Security Bulletin 1963232
Vulnerabilities in OpenSSL including Logjam affect IBM InfoSphere Guardium

Source: CCN
Type: IBM Security Bulletin 1963498
Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server

Source: CCN
Type: IBM Security Bulletin 1963954
Vulnerabilities in OpenSSL affect IBM Sterling B2B Integrator (CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)

Source: CCN
Type: IBM Security Bulletin 1963964
Multiple Security Vulnerabilities Fixed in IBM Security Privileged Identity Manager

Source: CCN
Type: IBM Security Bulletin 1964030
Vulnerabilities in OpenSSL affect IBM Security Network Controller (CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)

Source: CCN
Type: IBM Security Bulletin 1964033
Vulnerabilities in OpenSSL affect Proventia Network Active Bypass (CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)

Source: CCN
Type: IBM Security Bulletin 1966381
Vulnerabilities in OpenSSLincluding Logjam affect IBM Workload Deployer. (CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and CVE-2015-4000)

Source: CCN
Type: IBM Security Bulletin 1966481
Multiple vulnerabilities in OpenSSL affect IBM Campaign, IBM Contact Optimization

Source: CCN
Type: IBM Security Bulletin 1966484
Vulnerabilities in OpenSSL affect IBM NetInsight (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793)

Source: CCN
Type: IBM Security Bulletin 1966847
Multiple vulnerabilities in openssl affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Source: CCN
Type: IBM Security Bulletin 1966873
Vulnerabilities in OpenSSL including Logjam affect the Cordova platform packaged with Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux

Source: CCN
Type: IBM Security Bulletin 1968724
Vulnerabilities in OpenSSL affect IBM Rational Team Concert Build Agent (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2014-8176)

Source: CCN
Type: IBM Security Bulletin 1968871
Vulnerability in OpenSSL affects IBM Security Proventia Network Enterprise Scanner (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2014-8176)

Source: CCN
Type: IBM Security Bulletin 1969655
Vulnerabilities in OpenSSL including Logjam affect IBM PureApplication System. (CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and CVE-2015-4000)

Source: CCN
Type: BID-75159
OpenSSL DTLS CVE-2014-8176 Remote Memory Corruption Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
openssl-cve20148176-code-exec(103782)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Exploit
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Cisco Security Advisory cisco-sa-20150612-openssl
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products

Source: CCN
Type: IBM Security Bulletin 5098960
IBM Flex System Chassis Management Module (CMM) is affected by multiple vulnerabilities in OpenSSL including Logjam

Source: CCN
Type: IBM Security Bulletin 5099032
Multiple vulnerabilities in OpenSSH, GNU C Library (glibc), and OpenSSL, including Logjam, affect Integrated Management Module II (IMM2)

Source: CCN
Type: OpenSSL Security Advisory [11 Jun 2015]
OpenSSL Security Advisory

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-8176

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

AND

cpe:/a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.5:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:rational_policy_tester:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_guardium:8.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.6:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:infosphere_guardium:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_network_intrusion_prevention_system:4.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_network_intrusion_prevention_system:4.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_network_intrusion_prevention_system:4.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.7.0.0:-:enterprise:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_provisioning:2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_provisioning:2.1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:campaign:8.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:campaign:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:campaign:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager:7.0:*:web:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager:8.0:*:web:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.8:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:security_network_protection_firmware:5.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:proventia_network_enterprise_scanner:2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.0.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.1.1:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:smartcloud_entry:3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_privileged_identity_manager:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.2.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.2.4.2:*:*:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager:8.0.0.2:*:web:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:9.0:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:pureapplication_system:1.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:pureapplication_system:1.1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:pureapplication_system:1.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:pureapplication_system:1.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:pureapplication_system:1.1.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_network_intrusion_prevention_system:4.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_network_intrusion_prevention_system:4.6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_network_intrusion_prevention_system:4.6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:sdk:1.1:*:*:*:node.js:*:*:*

OR cpe:/a:ibm:cloud_manager:4.1.0:*:*:*:*:openstack:*:*

OR cpe:/o:ibm:security_network_protection_firmware:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_provisioning:2.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_provisioning:2.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:general_parallel_file_system:3.5.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:9.0.1::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:ibm:infosphere_guardium:9.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager:8.0.0.4:*:web:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager:8.0.0.5:*:web:*:*:*:*:*

OR cpe:/a:ibm:sterling_connect:express:1.5:*:*:*:unix:*:*:*

OR cpe:/o:ibm:i:5.4.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:6.1.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_connect:express:1.4:*:*:*:unix:*:*:*

OR cpe:/a:ibm:workload_deployer:3.1.0.7:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_privileged_identity_manager:1.0.1.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:5.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:pureapplication_system:2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_software_architect:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_software_architect:9.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_developer_for_i:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_privileged_identity_manager:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:pureapplication_system:1.1.0.5:*:*:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager:8.0.1:*:web:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:pureapplication_system:2.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_manager:7:*:*:*:*:*:*:*

OR cpe:/a:ibm:sdk:1.1:*:node.js:*:bluemix:*:*:*

OR cpe:/a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_developer_for_i:9.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_developer_for_i:9.1.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:pureapplication_system:2.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:workflow:-:*:*:*:*:bluemix:*:*

OR cpe:/a:ibm:infosphere_guardium:9.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_manager:4.2.0:*:*:*:*:openstack:*:*

OR cpe:/a:ibm:security_appscan:9.0.2:-:enterprise:*:*:*:*:*

OR cpe:/a:ibm:campaign:9.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:pureapplication_system:2.1.0.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager:8.0.1.2:*:web:*:*:*:*:*

OR cpe:/a:ibm:sdk:1.2:*:*:*:node.js:*:*:*

OR cpe:/a:ibm:infosphere_guardium:10.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager:*:*:mobile:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager:8.0.1.3:*:web:*:*:*:*:*

OR cpe:/a:ibm:security_privileged_identity_manager:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:pureapplication_system:2.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_software_architect:9.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_unified_software:1.5.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*

OR cpe:/h:ibm:flex_system_manager_node:*:*:*:*:*:*:*:*

OR cpe:/a:ibm:pureapplication_system:2.1.1.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_core_services:2.4.6:*:*:*:apache_http_server:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20148176	V	CVE-2014-8176	2022-06-30
oval:org.opensuse.security:def:112612	P	libcrypto38-2.5.0-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106096	P	libcrypto38-2.5.0-1.1 on GA media (Moderate)	2021-10-01
oval:org.mitre.oval:def:29364	V	AIX OpenSSL DTLS peer vulnerability (segmentation fault or memory corruption)	2016-02-19
oval:org.cisecurity:def:217	P	DSA-3287-1 -- openssl -- security update	2016-02-08
oval:org.mitre.oval:def:29160	P	USN-2639-1 -- openssl vulnerabilities	2015-07-27
oval:org.mitre.oval:def:28674	P	CESA-2015:1115 -- centos 6 openssl	2015-07-27
oval:org.mitre.oval:def:28440	P	RHSA-2015:1115-01 -- Redhat openssl	2015-07-27
oval:org.mitre.oval:def:29099	P	CESA-2015:1115 -- centos 7 openssl	2015-07-27
oval:org.mitre.oval:def:28583	P	USN-2639-1 -- openssl vulnerabilities	2015-07-27
oval:org.mitre.oval:def:29126	P	ELSA-2015-1115 -- Oracle openssl	2015-07-27
oval:org.mitre.oval:def:28643	P	ELSA-2015-1115 -- Oracle openssl	2015-07-27
oval:com.redhat.rhsa:def:20151115	P	RHSA-2015:1115: openssl security update (Moderate)	2015-06-15
oval:com.ubuntu.bionic:def:201481760000000	V	CVE-2014-8176 on Ubuntu 18.04 LTS (bionic) - medium.	2015-06-12
oval:com.ubuntu.precise:def:20148176000	V	CVE-2014-8176 on Ubuntu 12.04 LTS (precise) - medium.	2015-06-12
oval:com.ubuntu.artful:def:20148176000	V	CVE-2014-8176 on Ubuntu 17.10 (artful) - medium.	2015-06-12
oval:com.ubuntu.xenial:def:201481760000000	V	CVE-2014-8176 on Ubuntu 16.04 LTS (xenial) - medium.	2015-06-12
oval:com.ubuntu.trusty:def:20148176000	V	CVE-2014-8176 on Ubuntu 14.04 LTS (trusty) - medium.	2015-06-12
oval:com.ubuntu.bionic:def:20148176000	V	CVE-2014-8176 on Ubuntu 18.04 LTS (bionic) - medium.	2015-06-12
oval:com.ubuntu.disco:def:201481760000000	V	CVE-2014-8176 on Ubuntu 19.04 (disco) - medium.	2015-06-12
oval:com.ubuntu.xenial:def:20148176000	V	CVE-2014-8176 on Ubuntu 16.04 LTS (xenial) - medium.	2015-06-12
oval:com.ubuntu.cosmic:def:201481760000000	V	CVE-2014-8176 on Ubuntu 18.10 (cosmic) - medium.	2015-06-12
oval:com.ubuntu.cosmic:def:20148176000	V	CVE-2014-8176 on Ubuntu 18.10 (cosmic) - medium.	2015-06-12