PT-2014-5045 · IBM · ITCAM for Transactions
Published: 2014-10-29 · Updated: 2017-08-29 · CVE-2014-3051
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Composite Application Manager (ITCAM) for Transactions versions 7.1 through 7.2 before 7.2.0.3 IF28
IBM Tivoli Composite Application Manager (ITCAM) for Transactions versions 7.3 before 7.3.0.1 IF30
IBM Tivoli Composite Application Manager (ITCAM) for Transactions versions 7.4 before 7.4.0.0 IF18
Description
The issue allows man-in-the-middle attackers to spoof servers and obtain credential information via a crafted certificate, as the Internet Service Monitor (ISM) agent does not verify X.509 certificates from SSL servers.
Recommendations
For versions 7.1 through 7.2 before 7.2.0.3 IF28, update to 7.2.0.3 IF28 or later.
For versions 7.3 before 7.3.0.1 IF30, update to 7.3.0.1 IF30 or later.
For versions 7.4 before 7.4.0.0 IF18, update to 7.4.0.0 IF18 or later.
Affected Products
ITCAM for Transactions