Vulnerability Bulletins

IBM Security Bulletin: DH key exchange protocol vulnerability (“Logjam”) in IBM Java SDK affects IBM SPSS Statistics (CVE-2015-4000)

System information
   
Affected software IBM

Description
TLS connections using Diffie-Hellman (DH) key exchange protocol, “Logjam” attack, affects IBM Java SDK 1.6, 1.7 that is used by IBM SPSS Statistics. CVE(s): CVE-2015-4000 Affected product(s) and affected version(s): IBM SPSS Statistics 19.0.0.2 IBM SPSS Statistics 20.0.0.2 IBM SPSS Statistics 21.0.0.2 IBM SPSS Statistics 22.0.0.2 IBM SPSS Statistics 23.0.0.0 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin:

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_dh_key_exchange_protocol_vulnerability_logjam_in_ibm_java_sdk_affects_ibm_spss_statistics_cve_2015_4000?lang=en_us

Standar resources
Property Value
CVE CVE-2015-4000 ,CVE-2015-0478 ,CVE-2015-0488 ,CVE-2015-2808 ,CVE-2015-1916 ,CVE-2015-0204 ,CVE-2015-1905 and CVE-2015-1906.

Version history
Version Comments Date
1.0 Advisory issued 2015-07-21
Ministerio de Defensa
CNI
CCN
CCN-CERT