4.3
CVE-2014-6176
- EPSS 0.36%
- Published 16.12.2014 23:59:02
- Last modified 12.04.2025 10:46:40
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Business Process Manager Version7.5.0.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version7.5.0.1 SwEditionadvanced
Ibm ≫ Business Process Manager Version7.5.1.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version7.5.1.1 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.0.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.1.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.1.1 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.1.2 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.0.1.3 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.5.0.0 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.5.0.1 SwEditionadvanced
Ibm ≫ Business Process Manager Version8.5.5.0 SwEditionadvanced
Ibm ≫ Websphere Enterprise Service Bus Version7.0
Ibm ≫ Websphere Process Server Version7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.554 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|