IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: ibm
Published: 2014-12-16T23:00:00
Updated: 2024-08-06T12:10:12.746Z
Reserved: 2014-09-02T00:00:00
Link: CVE-2014-6176
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-12-16T23:59:02.463
Modified: 2024-11-21T02:13:54.847
Link: CVE-2014-6176
Redhat
No data.