CVE-2014-6176
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher.
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, y Business Process Manager Advanced 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, y 8.5.x hasta 8.5.5 desatienden la configuración SSL setting en el enlace de importación de HTTP del módulo SCA y seleccionan incondicionalmente el protocolo SSLv3, lo que facilita a atacantes remotos secuestrar sesiones o obtener información sensible a través del aprovechamiento del uso de un cifrado débil.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-09-02 CVE Reserved
- 2014-12-16 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1031382 | Vdb Entry | |
| http://www.securitytracker.com/id/1031383 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98488 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1JR51593 | 2017-09-08 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21690780 | 2017-09-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Business Process Manager Search vendor "Ibm" for product "Business Process Manager" | 7.5.0.0 Search vendor "Ibm" for product "Business Process Manager" and version "7.5.0.0" | advanced |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Business Process Manager Search vendor "Ibm" for product "Business Process Manager" | 7.5.0.1 Search vendor "Ibm" for product "Business Process Manager" and version "7.5.0.1" | advanced |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Business Process Manager Search vendor "Ibm" for product "Business Process Manager" | 7.5.1.0 Search vendor "Ibm" for product "Business Process Manager" and version "7.5.1.0" | advanced |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Business Process Manager Search vendor "Ibm" for product "Business Process Manager" | 7.5.1.1 Search vendor "Ibm" for product "Business Process Manager" and version "7.5.1.1" | advanced |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Business Process Manager Search vendor "Ibm" for product "Business Process Manager" | 8.0.0.0 Search vendor "Ibm" for product "Business Process Manager" and version "8.0.0.0" | advanced |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Business Process Manager Search vendor "Ibm" for product "Business Process Manager" | 8.0.1.0 Search vendor "Ibm" for product "Business Process Manager" and version "8.0.1.0" | advanced |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Business Process Manager Search vendor "Ibm" for product "Business Process Manager" | 8.0.1.1 Search vendor "Ibm" for product "Business Process Manager" and version "8.0.1.1" | advanced |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Business Process Manager Search vendor "Ibm" for product "Business Process Manager" | 8.0.1.2 Search vendor "Ibm" for product "Business Process Manager" and version "8.0.1.2" | advanced |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Business Process Manager Search vendor "Ibm" for product "Business Process Manager" | 8.0.1.3 Search vendor "Ibm" for product "Business Process Manager" and version "8.0.1.3" | advanced |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Business Process Manager Search vendor "Ibm" for product "Business Process Manager" | 8.5.0.0 Search vendor "Ibm" for product "Business Process Manager" and version "8.5.0.0" | advanced |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Business Process Manager Search vendor "Ibm" for product "Business Process Manager" | 8.5.0.1 Search vendor "Ibm" for product "Business Process Manager" and version "8.5.0.1" | advanced |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Business Process Manager Search vendor "Ibm" for product "Business Process Manager" | 8.5.5.0 Search vendor "Ibm" for product "Business Process Manager" and version "8.5.5.0" | advanced |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Websphere Enterprise Service Bus Search vendor "Ibm" for product "Websphere Enterprise Service Bus" | 7.0 Search vendor "Ibm" for product "Websphere Enterprise Service Bus" and version "7.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Websphere Process Server Search vendor "Ibm" for product "Websphere Process Server" | 7.0 Search vendor "Ibm" for product "Websphere Process Server" and version "7.0" | - |
Affected
| ||||||