CVE-2014-6176
Summary
| CVE | CVE-2014-6176 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-12-16 23:59:00 UTC |
| Updated | 2017-09-08 01:29:00 UTC |
| Description | IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher. |
Risk And Classification
Problem Types: CWE-310
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | IBM | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | IBM | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | IBM | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | IBM | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | IBM | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | IBM | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | IBM | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | IBM | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | IBM | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | IBM | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | IBM | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | IBM | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | IBM | WebSphere Enterprise Service Bus | 7.0 | All | All | All |
| Application | IBM | WebSphere Process Server | 7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM notice: The page you requested cannot be displayed | AIXAPAR | www-01.ibm.com | |
| IBM Business Process Manager May Use the Incorrect SSLv3 Version - SecurityTracker | SECTRACK | www.securitytracker.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Security Bulletin: Incorrect SSL protocol variant in SCA HTTP binding affecting WebSphere Enterprise Service Bus, WebSphere Process Server and IBM Business Process Manager Advanced (CVE-2014-6176) | CONFIRM | www-01.ibm.com | Vendor Advisory |
| IBM WebSphere Process Server and Enterprise Service Bus May Use the Incorrect SSLv3 Version - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.