Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4F4F2FCED404DED7D9E28E46E621E3CA2C77E44FDED68F5EC88654C31079B7CC
HistoryJun 17, 2018 - 5:00 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Insight (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)

2018-06-1705:00:33
www.ibm.com
5

0.975 High

EPSS

Percentile

100.0%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Insight. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.

Vulnerability Details

CVEID:CVE-2014-3566

**Description:**Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.

CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-6457

Description: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-6468

Description: An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 6.9 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97138&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Affected Products and Versions

Rational Insight 1.1, 1.1.1, 1.1.1.1, 1.1.1.2, 1.1.1.3, 1.1.1.4, 1.1.1.5 and 1.1.1.6

Remediation/Fixes

Apply the recommended fixes to all affected versions of Rational Insight.

Rational Insight 1.1

Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2

Rational Insight 1.1.1.3

Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6

  1. If the Data Collection Component or Jazz Reporting Serivce are used, perform this step first.
    Review the topics in Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468) for addressing the listed vulnerabilities in their underlying Jazz Team Server.

  2. If the Cognos-based reporting server is used, also perform this step.
    Download the IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 8.
    Review technote 1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x for the detailed instructions for patch application.

IBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.

Workarounds and Mitigations

None

Related

ibm 104
cve 2
prion 2
cvelist 3
nvd 3
ubuntucve 3
debiancve 3
veracode 3
nessus 29
cert 1
openvas 17
hackerone 3
amazon 1
fedora 9
citrix 1
osv 1
f5 1
redhat 3
seebug 1
freebsd 1
centos 2
paloalto 1
securityvulns 2
hp 1
threatpost 1
suse 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)
2019-12-19 16:53:24
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)
2018-06-16 13:08:06
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)
2024-01-29 19:30:27
cve
cve
CVE-2014-6468
2014-10-15 15:55:08
CVE-2014-6457
2014-10-15 15:55:07
prion
prion
Buffer overflow
2014-10-15 15:55:00
Design/Logic Flaw
2014-10-15 15:55:00
cvelist
cvelist
CVE-2014-6468
2014-10-15 15:15:00
CVE-2014-6457
2014-10-15 15:15:00
CVE-2014-3566
2014-10-15 00:00:00
nvd
nvd
CVE-2014-6468
2014-10-15 15:55:08
CVE-2014-6457
2014-10-15 15:55:07
CVE-2014-3566
2014-10-15 00:55:02
ubuntucve
ubuntucve
CVE-2014-6468
2014-10-15 00:00:00
CVE-2014-6457
2014-10-15 00:00:00
CVE-2014-3566
2014-10-14 00:00:00
debiancve
debiancve
CVE-2014-6468
2014-10-15 15:55:08
CVE-2014-6457
2014-10-15 15:55:07
CVE-2014-3566
2014-10-15 00:55:02
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 09:02:24
Information Disclosure
2017-02-07 00:05:45
POODLE Attack
2017-05-03 05:12:56
nessus
nessus
Fedora 20 : libuv-0.10.29-1.fc20 / nodejs-0.10.33-1.fc20 (2014-15379) (POODLE)
2014-12-15 00:00:00
SuSE 11.3 Security Update : suseRegister (SAT Patch Number 10008)
2015-01-06 00:00:00
Mac OS X : OS X Server < 3.2.2 SSLv3 Information Disclosure (POODLE)
2014-10-21 00:00:00
cert
cert
POODLE vulnerability in SSL 3.0
2014-10-17 00:00:00
openvas
openvas
Fedora Update for nodejs FEDORA-2014-15379
2014-12-15 00:00:00
Fedora Update for python-rhsm FEDORA-2014-13781
2014-11-07 00:00:00
Fedora Update for claws-mail FEDORA-2014-14234
2014-11-11 00:00:00
hackerone
hackerone
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2017-03-26 19:08:23
X (Formerly Twitter): POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com,199.59.148.204,199.16.156.108 and 199.59.148.204)
2017-11-09 21:44:16
Semrush: SSLv3 Poodle Attack on Ip Of semrush
2018-02-22 16:43:36
amazon
amazon
Important: openssl
2014-10-14 22:32:00
fedora
fedora
[SECURITY] Fedora 20 Update: claws-mail-plugins-3.11.1-1.fc20
2014-11-10 06:30:28
[SECURITY] Fedora 21 Update: libetpan-1.6-1.fc21
2014-11-10 06:34:14
[SECURITY] Fedora 21 Update: python-rhsm-1.13.6-1.fc21
2014-11-10 06:34:40
citrix
citrix
CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw
2014-10-14 04:00:00
osv
osv
lighttpd - security update
2015-07-25 00:00:00
f5
f5
K15702 : SSLv3 vulnerability CVE-2014-3566
2015-09-18 00:00:00
redhat
redhat
(RHSA-2015:1546) Important: node.js security update
2015-08-04 00:00:00
(RHSA-2014:1948) Important: nss, nss-util, and nss-softokn security, bug fix, and enhancement update
2014-12-02 00:00:00
(RHSA-2014:1653) Moderate: openssl security update
2014-10-16 00:00:00
seebug
seebug
SSL 3.0 POODLE(CVE-2014-3566)
2017-02-17 00:00:00
freebsd
freebsd
davmail -- fix potential CVE-2014-3566 vulnerability (POODLE)
2014-10-27 00:00:00
centos
centos
nss security update
2014-12-03 22:45:56
openssl security update
2014-10-16 15:21:39
paloalto
paloalto
SSL 3.0 MITM Attack
2014-10-20 07:00:00
securityvulns
securityvulns
APPLE-SA-2014-10-16-2 Security Update 2014-005
2014-10-18 00:00:00
APPLE-SA-2014-10-16-5 OS X Server v2.2.5
2014-10-18 00:00:00
hp
hp
HPSBPI03360 rev.5 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information
2015-06-19 00:00:00
threatpost
threatpost
OpenSSL Releases Patch for POODLE Attack
2014-10-16 10:29:53
suse
suse
Security update for suseRegister (important)
2015-01-05 21:04:43

0.975 High

EPSS

Percentile

100.0%

JSON
Related for 4F4F2FCED404DED7D9E28E46E621E3CA2C77E44FDED68F5EC88654C31079B7CC
ibm104cve2prion2cvelist3nvd3ubuntucve3debiancve3veracode3nessus29cert1openvas17hackerone3amazon1fedora9citrix1osv1f51redhat3seebug1freebsd1centos2paloalto1securityvulns2hp1threatpost1suse1