Document Information
- Document Type: Security Bulletin
- Document ID: c04876402
- Last Updated Date: 2016-03-09
- Published Date: 2015-11-03
- Document Version: 1

Potential Security Impact
- Information Disclosure

Vulnerability Overview
- A potential security vulnerability has been identified in HP Project and Portfolio Management Center.
- This vulnerability is a TLS vulnerability, utilizing U.S. export-grade 512-bit keys in Diffie-Hellman key exchange, known as "Logjam", which can be exploited remotely to cause information disclosure.
- Note: This vulnerability exists within the TLS protocol and is not specific to HP Project and Portfolio Management Center.

Supported Software Versions
- Only affected versions are listed:
- Project and Portfolio Management Center v9.10, v9.11, v9.12, v9.13, v9.14, v9.20, v9.21, v9.22, v9.30, and v9.31

Background
- CVSS 2.0 Base Metrics: Base Score of 4.3

Solution
- HP provides the following method to address the vulnerability in affected versions of Project and Portfolio Management Center:
- Refer to HP Software Support Online (SSO).

History
- Version 1 (rev.1) - Initially released on November 4, 2015

Third-Party Security Patches
- Systems running HPE software products should install third-party security patches according to customer patch management policies.

Support
- If you encounter issues implementing the recommendations in this security bulletin, contact your normal HPE service support channels. For other questions regarding the content of this security bulletin, please email security-alert@hpe.com.

Reporting
- If you discover any potential security vulnerabilities in HPE-supported products, please email security-alert@hpe.com.

Subscription
- Subscribe via email to receive future HPE security bulletin alerts: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive
- A list of recently published security bulletins can be found here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category
- The two-character code in the title of this security bulletin represents the software product category.
- 3C: 3COM
- 3P: Third-party software
- GN: HP General Software
- HF: HP Hardware and Firmware
- MU: Multi-platform software
- NS: Non-stop servers
- OV: OpenVMS
- PV: ProCurve
- ST: Storage software
- UX: HP-UX