A number of potential security vulnerabilities have been discovered in connection with the OpenSSL libraries which are included in IBM Tivoli Network Manager 3.8 and 3.9.
OpenSSL Security Advisory updates Feb 2013 - CVE-2012-2190, CVE-2013-0169, CVE-2013-0166, CVE-2012-2686.
GSKit Lucky 13 TLS CBC Timing Attack - CVE-2013-0169.
OpenSSL versions prior to 1.0.0 do not follow best security practices and need to be upgraded -
CVE-2012-2131, CVE-2012-2110, CVE-2012-0884, CVE-2012-0050, CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2011-3207, CVE-2011-3210, CVE-2011-0014, CVE-2010-4252, CVE-2010-3864, CVE-2010-0742, CVE-2010-1633.
PKCS#12 Trust Anchor Insertion Vulnerability - CVE-2012-2203.
GSKit Encrypted Record Length Vulnerability - CVE-2012-2191.
A vulnerability in relation to Session ID Lengths and SSL/TLS Server has been discovered that impacts GSKit - CVE-2012-2190.
Affected product(s) and affected version(s):
Tivoli Network Manager 3.9 FP3
Tivoli Network Manager 3.8 FP7
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21643698