Vulnerability Name:

CVE-2019-1552 (CCN-164498)

Assigned:2018-11-28
Published:2019-07-30
Updated:2022-12-13
Summary:
CVSS v3 Severity:3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
2.9 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
2.6 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
1.2 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2019-1552

Source: CCN
Type: US-CERT VU#429301
Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location

Source: openssl-security@openssl.org
Type: UNKNOWN
openssl-security@openssl.org

Source: XF
Type: UNKNOWN
openssl-cve20191552-sec-bypass(164498)

Source: openssl-security@openssl.org
Type: Mailing List, Patch, Vendor Advisory
openssl-security@openssl.org

Source: openssl-security@openssl.org
Type: Mailing List, Vendor Advisory
openssl-security@openssl.org

Source: CCN
Type: IBM Security Bulletin 1086981 (Event Streams)
IBM Event Streams is affected by OpenSSL vulnerabilities

Source: CCN
Type: IBM Security Bulletin 1118895 (Cloud Pak System)
Vulnerability in OpenSSL affects IBM Cloud Pak System (CVE-2019-1552)

Source: CCN
Type: IBM Security Bulletin 1137634 (Sterling B2B Integrator)
IBM Sterling B2B Integrator is affected by multiple vulnerabilities in OpenSSL libraries

Source: CCN
Type: IBM Security Bulletin 1172278 (WebSphere MQ for HPE NonStop Server (Itanium))
WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1552

Source: CCN
Type: IBM Security Bulletin 1282774 (MQ for HPE NonStop)
IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1552

Source: CCN
Type: IBM Security Bulletin 1285588 (Watson Explorer Deep Analytics Edition Foundational Components)
Vulnerability affects Watson Explorer Foundational Components (CVE-2019-1552)

Source: CCN
Type: IBM Security Bulletin 1489185 (Aspera Console)
Aspera Web Faspex application is affected by OpenSSL Vulnerability (CVE-2019-1552)

Source: CCN
Type: IBM Security Bulletin 1848099 (Netezza Analytics)
Security Vulnerability in OpenSSL affect IBM Netezza Analytics

Source: CCN
Type: IBM Security Bulletin 2027745 (Aspera Connect)
OpenSSL vulnerabilites (CVE-2019-1552) impacting IBM Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop 3.9.1 and earlier

Source: CCN
Type: IBM Security Bulletin 2284587 (Rational Team Concert)
OpenSSL vulnerability affects IBM Rational Team Concert

Source: CCN
Type: IBM Security Bulletin 5690661 (MobileFirst Platform Foundation)
OpenSSL publicly disclosed vulnerability

Source: CCN
Type: IBM Security Bulletin 5694483 (Cisco DCNM for c-type SAN directors and switches)
Vulnerability in DCNM Network Management Software used by IBM c-type SAN directors and switches.

Source: CCN
Type: IBM Security Bulletin 5695299 (Cloud Pak System)
Vulnerability in OpenSSL library affect OS Pattern Kit used in IBM Cloud Pak System

Source: CCN
Type: IBM Security Bulletin 5695629 (Spectrum Protect Backup-Archive Client)
Vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563, CVE-2019-1552)

Source: CCN
Type: IBM Security Bulletin 6198351 (InfoSphere Guardium Activity Monitor)
IBM Security Guardium is affected by an OpenSSL vulnerability

Source: CCN
Type: IBM Security Bulletin 6201879 (Workload Automation)
CVE-2019-1552 vulnerability in OpenSSL affect IBM Workload Scheduler

Source: CCN
Type: IBM Security Bulletin 6212081 (Aspera)
IBM Aspera On Demand products are affected by OpenSSL Vulnerability (CVE-2019-1552)

Source: CCN
Type: IBM Security Bulletin 6221458 (IBS Aspera Streaming for Video)
OpenSSL vulnerabilites impacting IBM Aspera Streaming for Video 3.8.0 and earlier (CVE-2019-1552)

Source: CCN
Type: IBM Security Bulletin 6380294 (App Connect)
Vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect Enterprise (CVE-2019-1552)

Source: CCN
Type: IBM Security Bulletin 6380412 (InfoSphere Master Data Management)
IBM InfoSphere Master Data Management Server vulnerability in OpenSSL

Source: CCN
Type: IBM Security Bulletin 6382394 (Netcool System Service Monitor)
Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-5407,CVE-2020-1967,CVE-2018-0734,CVE-2019-1563,CVE-2019-1549,CVE-2019-1552,CVE-2019-1559,CVE-2018-0735)

Source: CCN
Type: OpenSSL Security Advisory [30 July 2019]
OpenSSL Security Advisory [30 July 2019]

Source: openssl-security@openssl.org
Type: Vendor Advisory
openssl-security@openssl.org

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-1552

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.1.1:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:integration_bus:9.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_automation:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_automation:9.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_automation:9.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:integration_bus:9.0.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect:11.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0.3:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.1:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:2019.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_backup-archive_client:7.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_backup-archive_client:8.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.2.0:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_guardium_activity_monitor:10.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mq_for_hpe_nonstop:8.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mq_for_hpe_nonstop:8.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0:*:deep_analytics:*:foundational_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.1:*:deep_analytics:*:foundational_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.0:*:deep_analytics:*:foundational_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.2:*:deep_analytics:*:foundational_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:foundational_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.3.1:*:deep_analytics:*:foundational_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:10.0.0.0:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:10.0.0.6:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0.0:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.2.0:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.2.5:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:aspera_console:3.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:aspera_orchestrator:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:aspera_shares:1.9.14:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:netezza_analytics:3.3.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mobilefirst_platform_foundation:7.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_backup-archive_client:7.1.8.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_backup-archive_client:8.1.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_guardium_activity_monitor:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_guardium_activity_monitor:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:integration_bus:10.0.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect:11.0.0.7:*:*:*:enterprise:*:*:*
  • OR cpe:/a:ibm:netcool/system_service_monitor:4.0.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    openssl openssl 1.0.2
    openssl openssl 1.1.0
    openssl openssl 1.1.1
    ibm integration bus 9.0.0.0
    ibm rational team concert 6.0.2
    ibm infosphere master data management 11.6
    ibm security guardium 10.5
    ibm rational team concert 6.0.6
    ibm workload automation 9.2
    ibm workload automation 9.3
    ibm workload automation 9.4
    ibm integration bus 9.0.0.11
    ibm integration bus 10.0.0.0
    ibm app connect 11.0.0.0
    ibm security guardium 10.6
    ibm rational team concert 6.0.6.1
    ibm sterling b2b integrator 5.0.0.1
    ibm watson explorer 11.0.0.3
    ibm watson explorer 11.0.1
    ibm event streams 2019.2.1
    ibm spectrum protect backup-archive client 7.1.0.0
    ibm spectrum protect backup-archive client 8.1.0.0
    ibm sterling b2b integrator 6.0.2.0
    ibm cloud pak system 2.3
    ibm cloud pak system 2.3.0.1
    ibm infosphere guardium activity monitor 10.6
    ibm cloud pak system 2.2.5
    ibm cloud pak system 2.2.6
    ibm mq for hpe nonstop 8.1.0
    ibm mq for hpe nonstop 8.0.4
    ibm watson explorer 12.0.0
    ibm watson explorer 12.0.1
    ibm watson explorer 12.0.2.0
    ibm watson explorer 12.0.2.2
    ibm watson explorer 12.0.3
    ibm watson explorer 12.0.3.1
    ibm watson explorer 10.0.0.0
    ibm watson explorer 10.0.0.6
    ibm watson explorer 11.0.0.0
    ibm watson explorer 11.0.2.0
    ibm watson explorer 11.0.2.5
    ibm aspera console 3.4.0
    ibm aspera orchestrator 3.1.1
    ibm aspera shares 1.9.14
    ibm netezza analytics 3.3.5.0
    ibm mobilefirst platform foundation 7.1.0.0
    ibm mobilefirst platform foundation 8.0.0.0
    ibm security guardium 11.0
    ibm spectrum protect backup-archive client 7.1.8.7
    ibm spectrum protect backup-archive client 8.1.9.0
    ibm cloud pak system 2.3.1.1
    ibm security guardium 11.1
    ibm infosphere guardium activity monitor 11.0
    ibm infosphere guardium activity monitor 10.5
    ibm integration bus 10.0.0.21
    ibm app connect 11.0.0.7
    ibm netcool/system service monitor 4.0.1