Boletines de Vulnerabilidades

IBM Security Bulletin: No validation on SSL certificates in IBM Tivoli Composite Application Manager for Transactions (CVE-2014-3051)

Información sobre el sistema
   
Software afectado IBM

Descripción
IBM Tivoli Composite Application Manager for Transactions does not validate SSL certificates during normal operation. An attacker could perform man in middle attack techniques and obtain authentication credentials. CVE(s): CVE-2014-3051 Affected product(s) and affected version(s): IBM Tivoli Composite Application Manager (ITCAM) for Transactions is affected. ITCAM for Transactions contains multiple sub components (Agents). Only the Internet Service Monitor (ISM – Agent code

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_no_validation_on_ssl_certificates_in_ibm_tivoli_composite_application_manager_for_transactions_cve_2014_3051?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2014-3051 ,CVE-2014-3566 ,CVE-2014-4814 ,CVE-2014-4808 ,CVE-2014-4821 ,CVE-2014-6125 ,CVE-2014-6126 ,CVE-2013-4353 ,CVE-2014-5191 and CVE-2014-4263.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-10-29

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT