Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4F4F2FCED404DED7D9E28E46E621E3CA2C77E44FDED68F5EC88654C31079B7CC
HistoryJun 17, 2018 - 5:00 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Insight (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)

2018-06-1705:00:33
www.ibm.com
5

0.975 High

EPSS

Percentile

100.0%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Insight. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.

Vulnerability Details

CVEID:CVE-2014-3566

**Description:**Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.

CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-6457

Description: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-6468

Description: An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 6.9 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97138&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Affected Products and Versions

Rational Insight 1.1, 1.1.1, 1.1.1.1, 1.1.1.2, 1.1.1.3, 1.1.1.4, 1.1.1.5 and 1.1.1.6

Remediation/Fixes

Apply the recommended fixes to all affected versions of Rational Insight.

Rational Insight 1.1

Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2

Rational Insight 1.1.1.3

Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6

  1. If the Data Collection Component or Jazz Reporting Serivce are used, perform this step first.
    Review the topics in Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468) for addressing the listed vulnerabilities in their underlying Jazz Team Server.

  2. If the Cognos-based reporting server is used, also perform this step.
    Download the IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 8.
    Review technote 1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x for the detailed instructions for patch application.

IBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.

Workarounds and Mitigations

None

Related

ibm 108
cvelist 3
prion 2
nvd 2
cve 2
debiancve 2
ubuntucve 2
veracode 2
fedora 17
redhat 2
cisco 1
openvas 18
nessus 25
centos 1
suse 1
seebug 1
cert 1
amazon 1
citrix 1
f5 1
osv 1
hackerone 1
checkpoint_advisories 1
arista 1
virtuozzo 1
debian 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)
2019-12-19 16:53:24
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)
2018-06-16 13:08:06
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)
2021-04-28 18:35:50
cvelist
cvelist
CVE-2014-6468
2014-10-15 15:15:00
CVE-2014-6457
2014-10-15 15:15:00
CVE-2014-3566
2014-10-15 00:00:00
prion
prion
Buffer overflow
2014-10-15 15:55:00
Design/Logic Flaw
2014-10-15 15:55:00
nvd
nvd
CVE-2014-6468
2014-10-15 15:55:08
CVE-2014-6457
2014-10-15 15:55:07
cve
cve
CVE-2014-6468
2014-10-15 15:55:08
CVE-2014-6457
2014-10-15 15:55:07
debiancve
debiancve
CVE-2014-6468
2014-10-15 15:55:08
CVE-2014-6457
2014-10-15 15:55:07
ubuntucve
ubuntucve
CVE-2014-6468
2014-10-15 00:00:00
CVE-2014-6457
2014-10-15 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 09:02:24
Information Disclosure
2017-02-07 00:05:45
fedora
fedora
[SECURITY] Fedora 19 Update: claws-mail-plugins-3.11.1-1.fc19
2015-01-05 07:36:19
[SECURITY] Fedora 20 Update: nodejs-0.10.33-1.fc20
2014-12-15 04:34:00
[SECURITY] Fedora 19 Update: python-rhsm-1.13.6-1.fc19
2014-11-07 02:33:12
redhat
redhat
(RHSA-2014:1653) Moderate: openssl security update
2014-10-16 00:00:00
(RHSA-2015:1546) Important: node.js security update
2015-08-04 00:00:00
cisco
cisco
SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2014-10-15 18:30:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-429)
2015-09-08 00:00:00
Fedora Update for nodejs FEDORA-2014-15411
2015-01-05 00:00:00
Fedora Update for asterisk FEDORA-2014-15621
2015-01-05 00:00:00
nessus
nessus
AIX 7.1 TL 2 : nettcp (IV73974) (POODLE)
2015-06-19 00:00:00
AIX 6.1 TL 8 : nettcp (IV73416) (POODLE)
2015-06-19 00:00:00
FreeBSD : davmail -- fix potential CVE-2014-3566 vulnerability (POODLE) (384fc0b2-0144-11e5-8fda-002590263bf5) (POODLE)
2015-05-26 00:00:00
centos
centos
openssl security update
2014-10-16 15:21:39
suse
suse
Security update for suseRegister (important)
2015-01-05 21:04:43
seebug
seebug
SSL 3.0 POODLE(CVE-2014-3566)
2017-02-17 00:00:00
cert
cert
POODLE vulnerability in SSL 3.0
2014-10-17 00:00:00
amazon
amazon
Important: openssl
2014-10-14 22:32:00
citrix
citrix
CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw
2014-10-14 04:00:00
f5
f5
K15702 : SSLv3 vulnerability CVE-2014-3566
2015-09-18 00:00:00
osv
osv
lighttpd - security update
2015-07-25 00:00:00
hackerone
hackerone
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2017-03-26 19:08:23
checkpoint_advisories
checkpoint_advisories
Secure Socket Layer (SSL) Version 3.0 (CVE-2014-3566)
2014-10-15 00:00:00
arista
arista
Security Advisory 0007
2014-10-20 00:00:00
virtuozzo
virtuozzo
Important product update: Virtuozzo PowerPanel RTM Hotfix 3 (7.0.1-415)
2017-09-20 00:00:00
debian
debian
[SECURITY] [DSA 3489-1] lighttpd security update
2016-02-23 18:26:27

0.975 High

EPSS

Percentile

100.0%

JSON
Related for 4F4F2FCED404DED7D9E28E46E621E3CA2C77E44FDED68F5EC88654C31079B7CC
ibm108cvelist3prion2nvd2cve2debiancve2ubuntucve2veracode2fedora17redhat2cisco1openvas18nessus25centos1suse1seebug1cert1amazon1citrix1f51osv1hackerone1checkpoint_advisories1arista1virtuozzo1debian1