IBM32C184B7AD6EDED2AF74EDBAFA0BD1F7B5DC8B659D8C4035079B542325469AD7Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Lombardi Edition and IBM Business Process Manager (CVE-2015-2808)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
Summary
The RC4 “Bar Mitzvah” attack for SSL/TLS affects IBM WebSphere Application Server that is used by WebSphere Lombardi Edition (WLE) and IBM Business Process Manager.
Vulnerability Details
CVEID: CVE-2015-2808**
DESCRIPTION:** The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials without requiring an active man-in-the-middle session. Successful exploitation could allow an attacker to retrieve credit card data or other sensitive information. This vulnerability is commonly referred to as “Bar Mitzvah Attack”.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101851 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Affected Products and Versions
-
- IBM Business Process Manager V7.5.x through V8.5.6.0
- WebSphere Lombardi Edition V7.2.0.x
For_ earlier unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product._
Remediation/Fixes
Please consult the security bulletin Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Application Server (CVE-2015-2808) for vulnerability details and information about fixes.
Workarounds and Mitigations
None
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N