4.3
CVE-2014-6176
- EPSS 0.36%
- Veröffentlicht 16.12.2014 23:59:02
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Business Process Manager Version7.5.0.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version7.5.0.1 SwEditionadvanced
Ibm ≫ Business Process Manager Version7.5.1.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version7.5.1.1 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.0.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.1.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.1.1 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.1.2 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.1.3 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.5.0.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.5.0.1 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.5.5.0 SwEditionadvanced
Ibm ≫ Websphere Enterprise Service Bus Version7.0
Ibm ≫ Websphere Process Server Version7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.554 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|