Vulnerability Description
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain credential information via a crafted certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Tivoli Composite Application Manager For Transactions | 7.1.0.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/59756
- http://www-01.ibm.com/support/docview.wss?uid=swg21682290PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93444
- http://secunia.com/advisories/59756
- http://www-01.ibm.com/support/docview.wss?uid=swg21682290PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93444
FAQ
What is CVE-2014-3051?
CVE-2014-3051 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does...
How severe is CVE-2014-3051?
CVE-2014-3051 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3051?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Tivoli Composite Application Manager For Transactions.