3 matches found
Security Bulletin: SSL certificate validation disabled through a vulnerability in the Auto-Scaling for Bluemix service agent (CVE-2016-0323)
Summary Liberty for Java applications bound to the Auto-Scaling for Bluemix service have SSL certificate validation disabled through a vulnerability in the agent for the service. The default SSL connection factory for https requests is set to bypass all trust management in this vulnerability...
CVE-2016-0323
The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors...
CVE-2016-0323
The CVE-2016-0323 issue affects Liberty for Java running in IBM Bluemix when bound to the Auto-Scaling for Bluemix service, specifically versions prior to 2.7-20160321-1358. The Auto-Scaling agent can disable SSL certificate validation, bypassing the HTTPS trust-management feature. The IBM Bluemi...