IBM Security Bulletin: IBM License Metric Tool v9 and IBM Endpoint Manager for Software Use Analysis v2.2 and v9 are vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on SSL
|
Información sobre el sistema
|
|
|
Software afectado |
IBM |
Descripción
|
SSLv3 protocol used to secure a number of connection paths in IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis is vulnerable to POODLE attack. This attack enables a man-in-the-middle attacker to decrypt and intercept communications, including user-server and agent-server messages. You are not vulnerable, if your environment is already FIPS or SP800-131 compliant. CVE(s): CVE-2014-3566 Affected product(s) and affected version(s): IBM License Metric Tool v9, IBM
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_license_metric_tool_v9_and_ibm_endpoint_manager_for_software_use_analysis_v2_2_and_v9_are_vulnerable_to_padding_oracle_on_downgraded_legacy_encryption_poodle_attack_on_ss |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
|