Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM47A806B772137187519E1C7F6622210DD136C6BE778B7FF39A7411F9952F5676
HistoryJun 15, 2018 - 11:13 p.m.

Security Bulletin: TLS padding vulnerability affects IBM Cognos Business Intelligence (CVE-2014-8730)

2018-06-1523:13:35
www.ibm.com
13

EPSS

0.917

Percentile

98.9%

JSON

Summary

Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects IBM Cognos Business Intelligence.

Vulnerability Details

CVE-ID: CVE-2014-8730

DESCRIPTION:
Product could allow a remote attacker to obtain sensitive information, caused by the failure to check the contents of the padding bytes when using CBC cipher suites of some TLS implementations. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack to decrypt sensitive information and calculate the plaintext of secure connections.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99216&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM Cognos Business Intelligence Server 10.2.2

Remediation/Fixes

The recommended solution is to apply the fix for versions listed as soon as practical.

You should verify applying this fix does not cause any compatibility issues.

Related

ibm 63
nessus 3
securityvulns 2
f5 3
fortinet 1
threatpost 1
thn 1
paloalto 1
cisco 1
cvelist 1
lenovo 2
prion 1
cve 1
nvd 1
ibm
ibm
Security Bulletin: TLS padding vulnerability affects IBM Netezza Performance Portal (CVE-2014-8730)
2019-10-18 03:10:29
Security Bulletin: TLS padding vulnerability has been identified in IBM Tivoli Provisioning Manager for OS Deployment and IBM Tivoli Monitoring shipped with IBM System Director Editions. (CVE-2014-8730)
2019-01-31 01:35:01
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with WebSphere Remote Server (CVE-2014-8730)
2018-06-15 07:02:46
nessus
nessus
F5 Networks BIG-IP : TLS1.x padding vulnerability (K15882)
2014-12-09 00:00:00
IBM HTTP Server 8.5.0.0 <= 8.5.5.4 / 8.0.0.0 <= 8.0.0.10 / 7.0.0.0 <= 7.0.0.35 / 6.1.0.0 <= 6.1.0.47 / 6.0.0.0 <= 6.0.2.43 (521711)
2021-01-06 00:00:00
IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (TLS POODLE)
2015-07-18 00:00:00
securityvulns
securityvulns
[oss-security] CVE question: Return of POODLE
2014-12-09 00:00:00
OpenSSL multiple security vulnerabilities
2014-12-09 00:00:00
f5
f5
K15882 : TLS1.x padding vulnerability CVE-2014-8730
2015-09-25 00:00:00
SOL15702 - SSLv3 vulnerability CVE-2014-3566
2014-10-14 00:00:00
SOL15882 - TLS1.x padding vulnerability CVE-2014-8730
2014-12-08 00:00:00
fortinet
fortinet
CVE-2014-8730 "Poodle for TLS" vulnerability
2014-12-18 00:00:00
threatpost
threatpost
Two Cisco Products Vulnerable to POODLE Attack on TLS
2014-12-16 09:10:44
thn
thn
POODLE SSL Vulnerability Now Attacking TLS Security Protocol
2014-12-09 04:03:00
paloalto
paloalto
Padding-oracle attack on TLS CBC cipher mode
2015-01-12 08:00:00
cisco
cisco
SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability
2014-12-11 19:21:05
cvelist
cvelist
CVE-2014-8730
2014-12-10 00:00:00
lenovo
lenovo
POODLE: SSLv3 Vulnerability
2016-07-22 00:00:00
POODLE: SSLv3 Vulnerability - Lenovo Support US
2016-07-22 00:00:00
prion
prion
Code injection
2014-12-10 00:59:00
cve
cve
CVE-2014-8730
2014-12-10 00:59:01
nvd
nvd
CVE-2014-8730
2014-12-10 00:59:01

EPSS

0.917

Percentile

98.9%

JSON
Related for 47A806B772137187519E1C7F6622210DD136C6BE778B7FF39A7411F9952F5676
ibm63nessus3securityvulns2f53fortinet1threatpost1thn1paloalto1cisco1cvelist1lenovo2prion1cve1nvd1