CVE-2014-3051

EUVD-2014-3072
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain credential information via a crafted certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
ibmtivoli_composite_application_manager_for_transactions
7.1.0.0
ibmtivoli_composite_application_manager_for_transactions
7.1.0.1
ibmtivoli_composite_application_manager_for_transactions
7.1.0.2
ibmtivoli_composite_application_manager_for_transactions
7.1.0.3
ibmtivoli_composite_application_manager_for_transactions
7.1.0.4
ibmtivoli_composite_application_manager_for_transactions
7.2.0.0
ibmtivoli_composite_application_manager_for_transactions
7.2.0.1
ibmtivoli_composite_application_manager_for_transactions
7.2.0.2
ibmtivoli_composite_application_manager_for_transactions
7.3.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/59756
http://www-01.ibm.com/support/docview.wss?uid=swg21682290
https://exchange.xforce.ibmcloud.com/vulnerabilities/93444
http://secunia.com/advisories/59756
http://www-01.ibm.com/support/docview.wss?uid=swg21682290
https://exchange.xforce.ibmcloud.com/vulnerabilities/93444