IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-12-16T23:00:00

Updated: 2024-08-06T12:10:12.746Z

Reserved: 2014-09-02T00:00:00

Link: CVE-2014-6176

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-12-16T23:59:02.463

Modified: 2024-11-21T02:13:54.847

Link: CVE-2014-6176

cve-icon Redhat

No data.