CVE-2014-6176

Sažetak

IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher.

Reference

http://www.securitytracker.com/id/1031382
http://www.securitytracker.com/id/1031383
http://www-01.ibm.com/support/docview.wss?uid=swg1JR51593
http://www-01.ibm.com/support/docview.wss?uid=swg21690780
https://exchange.xforce.ibmcloud.com/vulnerabilities/98488

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

08-09-2017 - 01:29

Objavljeno

16-12-2014 - 23:59