IBM5F641DCF61E2B13957D7C4C6E67EB09E245EF918E554024E43EFAD6403CE6CE2Security Bulletin: No validation on SSL certificates in IBM Tivoli Composite Application Manager for Transactions (CVE-2014-3051)
EPSS
Percentile
20.6%
Summary
IBM Tivoli Composite Application Manager for Transactions does not validate SSL certificates during normal operation. An attacker could perform man in middle attack techniques and obtain authentication credentials.
Vulnerability Details
CVE-ID:CVE-2014-3051
**DESCRIPTION:**IBM Tivoli Composite Application Manager for Transactions does not validate SSL certificates during normal operation. An attacker could perform man in middle attack techniques and obtain authentication credentials.
CVSS Base Score: 4.3
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/93444>_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected Products and Versions
IBM Tivoli Composite Application Manager (ITCAM) for Transactions is affected. ITCAM for Transactions contains multiple sub components (Agents). Only the Internet Service Monitor (ISM – Agent code ‘IS’) is affected.
Versions:
· 7.4 – Affected by CVE-2014-3051
· 7.3 – Affected by CVE-2014-3051
· 7.2 – Affected by CVE-2014-3051
· 7.1 – Affected by CVE-2014-3051
Remediation/Fixes
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
7.4.0.0-TIV-CAMIS-IF0018| 7.4.0.0| None| http://www.ibm.com/support/docview.wss?uid=isg400001898
7.3.0.1-TIV-CAMIS-IF0030| 7.3.0.1| None| http://www.ibm.com/support/docview.wss?uid=isg400001928
7.2.0.3-TIV-CAMIS-IF0028| 7.2.0.3| None| http://www.ibm.com/support/docview.wss?uid=isg400001943
Will Not Fix| 7.1.0.0| None| Upgrade to 7.4.0.0-TIV-CAMIS-IF0018
Workarounds and Mitigations
None
Related
EPSS
Percentile
20.6%