Vulnerability Bulletins

IBM Security Bulletin: IBM License Metric Tool v9 and IBM Endpoint Manager for Software Use Analysis v2.2 and v9 are vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on SSL


System information

   
Affected software: IBM

Description

The SSLv3 protocol, which secures a number of connection paths in IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis, is vulnerable to the POODLE attack. This attack enables a man-in-the-middle attacker to decrypt and intercept communications, including user-server and agent-server messages. You are not vulnerable if your environment is already FIPS or SP800-131 compliant.

CVE(s): CVE-2014-3566

Affected product(s) and affected version(s): IBM License Metric Tool v9, IBM

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_license_metric_tool_v9_and_ibm_endpoint_manager_for_software_use_analysis_v2_2_and_v9_are_vulnerable_to_padding_oracle_on_downgraded_legacy_encryption_poodle_attack_on_ss

Standard identifiers

Property Value
CVE

Version history

Version Comment Date
1.0 Advisory issued 2015-04-10
