A number of potential security vulnerabilies have been discovered in connection with OpenSSL Libraries which are included in IBM Tivoli Network Manager 3.9.
OpenSSL Security Advisory updates Feb 2013:
GSKit Lucky 13 TLS CBC Timing Attack - CVE-2013-0169.
A vulnerability in relation to Session ID Lengths and SSL/TLS Server has been discovered that impacts GSKit - CVE-2012-2190 and CVE-2012-0166
CVE(s): CVE-2013-0169, CVE-2012-2190, CVE-2012-0166 and CVE-2013-0166
Affected product(s) and affected version(s):
Tivoli Network Manager 3.9 FP4
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21668799
X-Force Database: http://xforce.iss.net/xforce/xfdb/75994
X-Force Database: http://xforce.iss.net/xforce/xfdb/81904
X-Force Database: http://xforce.iss.net/xforce/xfdb/81902