製品・ソフトウェアに関する情報

JVN脆弱性詳細

IBM System X および Flex System サーバの Integrated Management Module 2 における暗号保護メカニズムを回避される脆弱性

Title	IBM System X および Flex System サーバの Integrated Management Module 2 における暗号保護メカニズムを回避される脆弱性
Summary	IBM System X および Flex System サーバの Integrated Management Module (IMM) 2 は、短い鍵を使用した SSL 暗号化方式をサポートするため、暗号保護メカニズムを回避される脆弱性が存在します。
Possible impacts	第三者により、(1) SSL または (2) TLS トラフィックに対する総当たり攻撃 (Brute force attack) を介して、暗号保護メカニズムを回避される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 10, 2013, midnight
Registration Date	Jan. 27, 2014, 6:48 p.m.
Last Update	Jan. 27, 2014, 6:48 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected System

IBM

IBM BladeCenter HS23 7875 および 1929

IBM BladeCenter HS23E 8038 および 8039

IBM Flex System Manager Node 7955

IBM Flex System Manager Node 8731

IBM Flex System Manager Node 8734

IBM Flex System x220 Compute Node 7906 および 2585

IBM Flex System x240 Compute Node 8737、8738、および 7863

IBM Flex System x440 Compute Node 7917

IBM System x iDataPlex Direct Water Cooled dx360 M4 サーバ 7918 および 7919

IBM System x iDataPlex dx360 M4 7912 および 7913

IBM System x3100 M4 2582

IBM System x3250 M4 2583

IBM System x3300 M4 7382

IBM System x3500 M2 7839

IBM System x3500 M3 7380

IBM System x3500 M4 7383

IBM System x3530 M4 7160

IBM System x3550 M2 4198 および 7946

IBM System x3550 M3 4254 および 7944

IBM System x3550 M4 7914

IBM System x3630 M3 7377

IBM System x3630 M4 7158

IBM System x3630 M4 HD 5466

IBM System x3650 M2 4199 および 7947

IBM System x3650 M3 4255、5454、および 7945

IBM System x3650 M4 7915

IBM System x3650 M4 HD 5460

IBM System x3690 X5 7147、7148、7149、および 7192

IBM System x3750 M4 8722、8733、および 8752

IBM System x3850 X5 7143、7145、7146、および 7191

IBM System x3950 X5 7143 および 7145

統合管理モジュール II 1.00 から 2.00

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-4030	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4030
National Vulnerability Database (NVD)
2	CVE-2013-4030	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4030

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html

ベンダー情報

No	Name	URL
IBM Product Security Incident Response Blog
1	Security Bulletin: Avoiding Weak SSL/TLS Encryption in IBM System x and Flex Systems (CVE-2013-4030)	http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301

その他

No	Name	URL
関連文書
1	x-mgmt-cve20134030-encryption (86068)	http://xforce.iss.net/xforce/xfdb/86068

Change Log

No	Changed Details	Date of change
0	[2014年01月27日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2013-4030

Summary	Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.
Publication Date	Jan. 21, 2014, 10:55 a.m.
Registration Date	Jan. 26, 2021, 3:42 p.m.
Last Update	Nov. 21, 2024, 10:54 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:ibm:integrated_management_module_2:1.00:::::::*
cpe:2.3:h:ibm:integrated_management_module_2:2.00:::::::*
cpe:2.3:h:ibm:bladecenter:hs23:::::::*
cpe:2.3:h:ibm:bladecenter:hs23e:::::::*
cpe:2.3:h:ibm:flex_system_manager_node_7955:-:::::::*
cpe:2.3:h:ibm:flex_system_manager_node_8731:-:::::::*
cpe:2.3:h:ibm:flex_system_manager_node_8734:-:::::::*
cpe:2.3:h:ibm:flex_system_x220_compute_node:-:::::::*
cpe:2.3:h:ibm:flex_system_x240_compute_node:-:::::::*
cpe:2.3:h:ibm:flex_system_x440_compute_node:-:::::::*
cpe:2.3:h:ibm:system_x_idataplex_direct_water_cooled_dx360_m4_server:-:::::::*
cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:::::::*
cpe:2.3:h:ibm:system_x3100_m4:-:::::::*
cpe:2.3:h:ibm:system_x3250_m4:-:::::::*
cpe:2.3:h:ibm:system_x3300_m4:-:::::::*
cpe:2.3:h:ibm:system_x3500_m2:-:::::::*
cpe:2.3:h:ibm:system_x3500_m3:-:::::::*
cpe:2.3:h:ibm:system_x3500_m4:-:::::::*
cpe:2.3:h:ibm:system_x3530_m4:-:::::::*
cpe:2.3:h:ibm:system_x3550_m2:-:::::::*
cpe:2.3:h:ibm:system_x3550_m3:-:::::::*
cpe:2.3:h:ibm:system_x3550_m4:-:::::::*
cpe:2.3:h:ibm:system_x3630_m3:-:::::::*
cpe:2.3:h:ibm:system_x3630_m4:-:::::::*
cpe:2.3:h:ibm:system_x3630_m4_hd:-:::::::*
cpe:2.3:h:ibm:system_x3650_m2:-:::::::*
cpe:2.3:h:ibm:system_x3650_m3:-:::::::*
cpe:2.3:h:ibm:system_x3650_m4:-:::::::*
cpe:2.3:h:ibm:system_x3650_m4_hd:-:::::::*
cpe:2.3:h:ibm:system_x3690_x5:-:::::::*
cpe:2.3:h:ibm:system_x3750_m4:-:::::::*
cpe:2.3:h:ibm:system_x3850_x5:-:::::::*
cpe:2.3:h:ibm:system_x3950_x5:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301	Vendor Advisory
2	http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301	Vendor Advisory
3	https://exchange.xforce.ibmcloud.com/vulnerabilities/86068
4	https://exchange.xforce.ibmcloud.com/vulnerabilities/86068

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:ibm:integrated_management_module_2:1.00:::::::*
cpe:2.3:h:ibm:integrated_management_module_2:2.00:::::::*
cpe:2.3:h:ibm:bladecenter:hs23:::::::*
cpe:2.3:h:ibm:bladecenter:hs23e:::::::*
cpe:2.3:h:ibm:flex_system_manager_node_7955:-:::::::*
cpe:2.3:h:ibm:flex_system_manager_node_8731:-:::::::*
cpe:2.3:h:ibm:flex_system_manager_node_8734:-:::::::*
cpe:2.3:h:ibm:flex_system_x220_compute_node:-:::::::*
cpe:2.3:h:ibm:flex_system_x240_compute_node:-:::::::*
cpe:2.3:h:ibm:flex_system_x440_compute_node:-:::::::*
cpe:2.3:h:ibm:system_x_idataplex_direct_water_cooled_dx360_m4_server:-:::::::*
cpe:2.3:h:ibm:system_x_idataplex_dx360_m4_server:-:::::::*
cpe:2.3:h:ibm:system_x3100_m4:-:::::::*
cpe:2.3:h:ibm:system_x3250_m4:-:::::::*
cpe:2.3:h:ibm:system_x3300_m4:-:::::::*
cpe:2.3:h:ibm:system_x3500_m2:-:::::::*
cpe:2.3:h:ibm:system_x3500_m3:-:::::::*
cpe:2.3:h:ibm:system_x3500_m4:-:::::::*
cpe:2.3:h:ibm:system_x3530_m4:-:::::::*
cpe:2.3:h:ibm:system_x3550_m2:-:::::::*
cpe:2.3:h:ibm:system_x3550_m3:-:::::::*
cpe:2.3:h:ibm:system_x3550_m4:-:::::::*
cpe:2.3:h:ibm:system_x3630_m3:-:::::::*
cpe:2.3:h:ibm:system_x3630_m4:-:::::::*
cpe:2.3:h:ibm:system_x3630_m4_hd:-:::::::*
cpe:2.3:h:ibm:system_x3650_m2:-:::::::*
cpe:2.3:h:ibm:system_x3650_m3:-:::::::*
cpe:2.3:h:ibm:system_x3650_m4:-:::::::*
cpe:2.3:h:ibm:system_x3650_m4_hd:-:::::::*
cpe:2.3:h:ibm:system_x3690_x5:-:::::::*
cpe:2.3:h:ibm:system_x3750_m4:-:::::::*
cpe:2.3:h:ibm:system_x3850_x5:-:::::::*
cpe:2.3:h:ibm:system_x3950_x5:-:::::::*