CVE-2014-0897

Name of the Vulnerable Software and Affected Versions IBM Flex System Manager versions 1.2.0.x through 1.3.1.x

Description The issue concerns the Configuration Patterns component in IBM Flex System Manager, which uses a weak algorithm during an encryption step in Chassis Management Module account creation. This weakness makes it easier for remote authenticated users to defeat cryptographic protection mechanisms.

Recommendations For versions 1.2.0.x through 1.3.1.x, consider restricting access to the Chassis Management Module account creation process until a fix is available. As a temporary workaround, restrict the use of the weak encryption algorithm in the Configuration Patterns component. Avoid using the affected Configuration Patterns component for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.