Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM08E6A2841DB1CBB38453EBB4437A0108A491F5E2C7B246ED398517EA3223ABF2
HistoryJun 15, 2018 - 7:02 a.m.

Security Bulletin: WebSphere Process Server Hypervisor Edition vulnerability (CVE-2014-3566)

2018-06-1507:02:03
www.ibm.com
9

EPSS

0.975

Percentile

100.0%

JSON

Summary

SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere Application Server. IBM WebSphere Application Server is shipped as a component of IBM WebSphere Process Server Hypervisor Edition. Information about this security vulnerability, which affects IBM WebSphere Application Server, has been published in a security bulletin.

Vulnerability Details

CVE ID: CVE-2014-3566

DESCRIPTION:

IBM WebSphere Application Server is shipped as a component of IBM WebSphere Process Sever Hypervisor Edition. IBM WebSphere Application might allow a remote attacker to obtain sensitive information, which is caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack might exploit this vulnerability using a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plain text of encrypted connections.

CVSS:

CVSS Base Score: 4.3

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97013 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

For IBM WebSphere Application Server vulnerability details, refer to**:**Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)

Affected Products and Versions

    • WebSphere Process Server Hypervisor Edition 6.2
  • WebSphere Process Server Hypervisor Edition 7.0
  • WebSphere Process Server Hypervisor Edition for Novell SUSE Linux Enterprise Server for System z 6.2
  • WebSphere Process Server Hypervisor Edition for Novell SUSE Linux Enterprise Server for System z 7.0
  • WebSphere Process Server Hypervisor Edition for Red Hat Enterprise Linux Server for x86 (32-bit) 7.0

Workarounds and Mitigations

None

Related

nessus 41
openvas 19
ibm 99
fedora 18
centos 1
suse 1
redhat 2
cisco 1
seebug 1
f5 1
hackerone 1
citrix 1
amazon 2
osv 1
cert 1
veracode 1
cvelist 1
checkpoint_advisories 1
debian 2
virtuozzo 1
mageia 1
cve 1
arista 1
nessus
nessus
Fedora 21 : claws-mail-3.11.1-2.fc21 / claws-mail-plugins-3.11.1-1.fc21 / libetpan-1.6-1.fc21 (2014-14217) (POODLE)
2014-11-11 00:00:00
AIX 6.1 TL 8 : nettcp (IV73416) (POODLE)
2015-06-19 00:00:00
Fedora 20 : openssl-1.0.1e-40.fc20 (2014-13069) (POODLE)
2014-10-20 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-429)
2015-09-08 00:00:00
Debian: Security Advisory (DSA-3489-1)
2016-03-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0010-1)
2021-06-09 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in SSLv3 affects IBM Platform Symphony (CVE-2014-3566)
2018-06-18 01:26:39
Security Bulletin: Vulnerability in SSLv3 affects IBM Tivoli Composite Application Manager for Transactions (CVE-2014-3566)
2018-06-17 14:51:40
Security Bulletin: Vulnerability in SSLv3 affects Warehouse Administration Console and Cubing Services components of IBM InfoSphere Warehouse and IBM DB2 for Linux, Unix and Windows (CVE-2014-3566)
2018-06-16 13:07:48
fedora
fedora
[SECURITY] Fedora 20 Update: claws-mail-3.11.1-2.fc20
2014-11-10 06:30:29
[SECURITY] Fedora 19 Update: claws-mail-plugins-3.11.1-1.fc19
2015-01-05 07:36:19
[SECURITY] Fedora 21 Update: subscription-manager-1.13.6-1.fc21
2014-11-10 06:34:40
centos
centos
openssl security update
2014-10-16 15:21:39
suse
suse
Security update for suseRegister (important)
2015-01-05 21:04:43
redhat
redhat
(RHSA-2014:1653) Moderate: openssl security update
2014-10-16 00:00:00
(RHSA-2015:1546) Important: node.js security update
2015-08-04 00:00:00
cisco
cisco
SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2014-10-15 18:30:00
seebug
seebug
SSL 3.0 POODLE(CVE-2014-3566)
2017-02-17 00:00:00
f5
f5
K15702 : SSLv3 vulnerability CVE-2014-3566
2015-09-18 00:00:00
hackerone
hackerone
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2017-03-26 19:08:23
citrix
citrix
CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw
2014-10-14 04:00:00
amazon
amazon
Important: openssl
2014-10-14 22:32:00
Important: nss
2014-10-16 22:14:00
osv
osv
lighttpd - security update
2015-07-25 00:00:00
cert
cert
POODLE vulnerability in SSL 3.0
2014-10-17 00:00:00
veracode
veracode
Information Disclosure
2017-02-07 00:05:45
cvelist
cvelist
CVE-2014-3566
2014-10-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Secure Socket Layer (SSL) Version 3.0 (CVE-2014-3566)
2014-10-15 00:00:00
debian
debian
[SECURITY] [DLA 282-1] lighttpd security update
2015-07-25 14:29:15
[SECURITY] [DSA 3489-1] lighttpd security update
2016-02-23 18:26:27
virtuozzo
virtuozzo
Important product update: Virtuozzo PowerPanel RTM Hotfix 3 (7.0.1-415)
2017-09-20 00:00:00
mageia
mageia
Updated ruby-httpclient package enables SSL negotiation
2014-11-26 20:29:06
cve
cve
CVE-2014-3566
2014-10-15 00:55:02
arista
arista
Security Advisory 0007
2014-10-20 00:00:00

EPSS

0.975

Percentile

100.0%

JSON
Related for 08E6A2841DB1CBB38453EBB4437A0108A491F5E2C7B246ED398517EA3223ABF2
nessus41openvas19ibm99fedora18centos1suse1redhat2cisco1seebug1f51hackerone1citrix1amazon2osv1cert1veracode1cvelist1checkpoint_advisories1debian2virtuozzo1mageia1cve1arista1