PT-2014-5045 · IBM · ITCAM for Transactions
Published: 2014-10-29 · Updated: 2017-08-29 · CVE-2014-3051
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Composite Application Manager (ITCAM) for Transactions versions 7.1 through 7.2 before 7.2.0.3 IF28
IBM Tivoli Composite Application Manager (ITCAM) for Transactions versions 7.3 before 7.3.0.1 IF30
IBM Tivoli Composite Application Manager (ITCAM) for Transactions versions 7.4 before 7.4.0.0 IF18
Description
The issue allows man-in-the-middle attackers to spoof servers and obtain credential information via a crafted certificate, as the Internet Service Monitor (ISM) agent does not verify X.509 certificates from SSL servers.
Recommendations
For versions 7.1 through 7.2 before 7.2.0.3 IF28, update to 7.2.0.3 IF28 or later.
For versions 7.3 before 7.3.0.1 IF30, update to 7.3.0.1 IF30 or later.
For versions 7.4 before 7.4.0.0 IF18, update to 7.4.0.0 IF18 or later.
Affected products
ITCAM for Transactions