4.3
CVE-2014-6176
- EPSS 0.36%
- Veröffentlicht 16.12.2014 23:59:02
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Business Process Manager Version7.5.0.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version7.5.0.1 SwEditionadvanced
Ibm ≫ Business Process Manager Version7.5.1.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version7.5.1.1 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.0.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.1.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.1.1 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.1.2 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.1.3 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.5.0.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.5.0.1 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.5.5.0 SwEditionadvanced
Ibm ≫ Websphere Enterprise Service Bus Version7.0
Ibm ≫ Websphere Process Server Version7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.554 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|