IBM InfoSphere BigInsights CVE-2014-0905 Man in the Middle Information Disclosure Vulnerability

Bugtraq ID:	69067
Class:	Design Error
CVE:	CVE-2014-0905
Remote:	Yes
Local:	No
Published:	Aug 04 2014 12:00AM
Updated:	Aug 04 2014 12:00AM
Credit:	IBM
Vulnerable:	IBM InfoSphere BigInsights 2.1.2 IBM InfoSphere BigInsights 2.1.1 IBM InfoSphere BigInsights 2.1 IBM InfoSphere BigInsights 2.0
Not Vulnerable:

IBM InfoSphere BigInsights CVE-2014-0905 Man in the Middle Information Disclosure Vulnerability

IBM InfoSphere BigInsights is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to perform man-in-the-middle attacks and disclose sensitive information. Successful exploits may lead to other attacks.

IBM InfoSphere BigInsights 2.0 through 2.1.2 are vulnerable.

IBM InfoSphere BigInsights CVE-2014-0905 Man in the Middle Information Disclosure Vulnerability

An attacker may use readily available network tools to exploit this issue.

IBM InfoSphere BigInsights CVE-2014-0905 Man in the Middle Information Disclosure Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

IBM InfoSphere BigInsights CVE-2014-0905 Man in the Middle Information Disclosure Vulnerability

References:

• InfoSphere BigInsights Homepage (IBM)
  
• Security Bulletin:Missing Secure Attribute in Encrypted Session (SSL) in InfoSph (IBM)