Vulnerability in Ibm Business_process_manager

CVE-2014-6176

IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import bin…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.004 (58.5th percentile) — read the EPSS interpretation.

Affected products

Ibm Business_process_manager — versions 7.5.0.0, 7.5.0.1, 7.5.1.0
Ibm Websphere_enterprise_service_bus — versions 7.0
Ibm Websphere_process_server — versions 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
1031383 (vdb-entry, x_refsource_SECTRACK)
1031382 (vdb-entry, x_refsource_SECTRACK)
JR51593 (vendor-advisory, x_refsource_AIXAPAR)
ibm-websphere-cve20146176-weak-security(98488) (vdb-entry, x_refsource_XF)