IBM Tivoli Composite Application Manager for Transactions does not validate SSL certificates during normal operation. An attacker could perform man in middle attack techniques and obtain authentication credentials.
CVE-ID:CVE-2014-3051
**DESCRIPTION:**IBM Tivoli Composite Application Manager for Transactions does not validate SSL certificates during normal operation. An attacker could perform man in middle attack techniques and obtain authentication credentials.
CVSS Base Score: 4.3
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/93444>_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
IBM Tivoli Composite Application Manager (ITCAM) for Transactions is affected. ITCAM for Transactions contains multiple sub components (Agents). Only the Internet Service Monitor (ISM – Agent code ‘IS’) is affected.
Versions:
· 7.4 – Affected by CVE-2014-3051
· 7.3 – Affected by CVE-2014-3051
· 7.2 – Affected by CVE-2014-3051
· 7.1 – Affected by CVE-2014-3051
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
7.4.0.0-TIV-CAMIS-IF0018| 7.4.0.0| None| http://www.ibm.com/support/docview.wss?uid=isg400001898
7.3.0.1-TIV-CAMIS-IF0030| 7.3.0.1| None| http://www.ibm.com/support/docview.wss?uid=isg400001928
7.2.0.3-TIV-CAMIS-IF0028| 7.2.0.3| None| http://www.ibm.com/support/docview.wss?uid=isg400001943
Will Not Fix| 7.1.0.0| None| Upgrade to 7.4.0.0-TIV-CAMIS-IF0018
None