CVE-2014-6176

Name of the Vulnerable Software and Affected Versions IBM WebSphere Process Server version 7.0 IBM WebSphere Enterprise Service Bus version 7.0 IBM Business Process Manager Advanced versions 7.5.x through 7.5.1.2 IBM Business Process Manager Advanced versions 8.0.x through 8.0.1.3 IBM Business Process Manager Advanced versions 8.5.x through 8.5.5

Description The issue disregards the SSL setting in the SCA module HTTP import binding and unconditionally selects the SSLv3 protocol. This makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher.

Recommendations For IBM WebSphere Process Server version 7.0, update the configuration to enforce a stronger SSL protocol. For IBM WebSphere Enterprise Service Bus version 7.0, update the configuration to enforce a stronger SSL protocol. For IBM Business Process Manager Advanced versions 7.5.x through 7.5.1.2, update the configuration to enforce a stronger SSL protocol. For IBM Business Process Manager Advanced versions 8.0.x through 8.0.1.3, update the configuration to enforce a stronger SSL protocol. For IBM Business Process Manager Advanced versions 8.5.x through 8.5.5, update the configuration to enforce a stronger SSL protocol.