|
Ibm® Sterling Connect: Direct
|
| bet | 45/47 | | Sana | 24.03.2021 | | Hajmi | 84,26 Kb. | | #13516 |
Fix Availability Date: 20 February 2017
High Impact: N
Reported Severity: 2
4.7.0.4_iFix026: RTC530106
Description of Issue: Secure+ API performance enhancement.
Description of Fix: Improved the performance of Secure+ API commands, for example when refreshing certificates is issued from IBM Control Center.
Fix Availability Date: 20 February 2017
High Impact: N
Reported Severity: 5
4.7.0.4_iFix027: RTC528788 / APAR IT19769 / CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
Description of Issue: Vulnerabilities were reported in zlib. zlib is used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs.
Description of Fix: Updated zlib components.
Fix Availability Date: 22 February 2017
High Impact: Y
Reported Severity: 2
4.7.0.4_iFix028: RTC529668 / APAR IT19772 / CVE-2016-2183
Description of Issue: An OpenSSL vulnerability disclosed by the OpenSSL Project affects GSKit. IBM Sterling Connect:Direct for Microsoft Windows uses GSKit and therefore is also vulnerable. This vulnerability is known as the SWEET32 Birthday attack.
Recommendation: IBM recommends that you review your entire environment to identify areas that enable DES/3DES cipher suites and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling DES/3DES cipher suites. You should verify disabling DES/3DES cipher suites does not cause any compatibility issues. Enable the below GSKit remediation when you cannot take the recommended action and disable DES/3DES cipher suites in your environment.
|
| |
