Weak Algorithm Negotiation in IBM QRadar Network Security
CVE-2017-1491

7.5HIGH

Key Information:

Vendor: IBM
Status: Qradar Network Security
Vendor: CVE Published:; 5 September 2017

What is CVE-2017-1491?

IBM QRadar Network Security 5.4 is susceptible to a vulnerability that permits multiple parties to negotiate the encryption and authentication algorithms used, but does not adequately select the strongest algorithm available for both parties. This flaw could lead to less secure configurations, potentially exposing sensitive data to unauthorized access during transmission.

Affected Version(s)

QRadar Network Security 5.4

References

http://www.ibm.com/support/docview.wss?uid=swg22007535

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/128689

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2017
Vulnerability Reserved
Nov 30, 2016