Boletines de Vulnerabilidades

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Network Manager IP Edition V3.9 Fix Pack 4 HTTPS support for Perl Collectors (CVE-2014-3566, CVE-2014-3513, CVE-2014-3567,C

Información sobre el sistema
   
Software afectado IBM

Descripción
IBM Tivoli Network Manager IP Edition 3.9 Fixpack 4 added HTTPS support for three Perl Collectors (Alcatel5620SamSoap collector, Alcatel5620SamSoapFindtoFile collector, and Alcatel5529IdmSoap collector) which required user to install OpenSSL. 1. SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. By default, SSLv3 is not enabled in IBM Tivoli Network Manager IP Edition V3.9 Fix Pack 4. CVE-ID:CVE-2014-3566 2. Security

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_openssl_affect_ibm_tivoli_network_manager_ip_edition_v3_9_fix_pack_4_https_support_for_perl_collectors_cve_2014_3566_cve_2014_3513_cve_2014_3567_c

Identificadores estándar
Propiedad Valor
CVE

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-12-27

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT