Ibm · Ibm Websphere Datapower Appliances · CVE-2014-0852
**Name of the Vulnerable Software and Affected Versions**
IBM WebSphere DataPower SOA appliances versions 4.0.2.15 and earlier
IBM WebSphere DataPower SOA appliances versions 5.x through 5.0.0.17
IBM WebSphere DataPower SOA appliances versions 6.0.0.x through 6.0.0.9
IBM WebSphere DataPower SOA appliances versions 6.0.1.x through 6.0.1.5
**Description**
The issue makes it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an SSL/TLS side-channel timing attack.
**Recommendations**
For versions 4.0.2.15 and earlier, update to a version later than 4.0.2.15.
For versions 5.x through 5.0.0.17, update to a version later than 5.0.0.17.
For versions 6.0.0.x through 6.0.0.9, update to a version later than 6.0.0.9.
For versions 6.0.1.x through 6.0.1.5, update to a version later than 6.0.1.5.