Unrated severityNVD Advisory· Published Mar 25, 2015· Updated May 6, 2026

CVE-2015-0138

Description

GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.

Affected products

osv-coords4 versions
pkg:rpm/suse/java-1_6_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2012 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 1.6.0_sr16.4-15.1+ 3 more
- (no CPE)range: < 1.6.0_sr16.4-15.1
- (no CPE)range: < 1.7.1_sr3.0-11.1
- (no CPE)range: < 1.7.1_sr3.0-11.1
- (no CPE)range: < 1.7.1_sr3.0-11.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000