Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM72EF00C4B35D9599E1A58E00685282A8A55FD82A122F9FA814B19FB08B691740
HistoryJun 16, 2018 - 9:23 p.m.

Security Bulletin: A SSLv3 POODLE Attack vulnerabilities in IBM SDK for Java shipped by IBM Webshere Application Server shipped with IBM Tivoli/Security Key Lifecycle Manager (CVE-2014-3566)

2018-06-1621:23:44
www.ibm.com
21

0.975 High

EPSS

Percentile

100.0%

JSON

Summary

IBM SDK for Java shipped by IBM Webshere Application Server is shipped as a component of IBM Tivoli/Security Key Lifecycle Manager. Information about a security vulnerability affecting IBM SDK for Java shipped by IBM Webshere Application Server has been published in a security bulletin.

Vulnerability Details

CVEID: CVE-2014-3566

DESCRIPTION:
Product could allow a remote attacker to obtain sensitive information, casued by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.
Please consult the security bulletin <http://www-01.ibm.com/support/docview.wss?uid=swg21687740&gt; for vulnerability details and information about fixes.

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97013 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

Principal Product and Version

| Affected Supporting Product and Version
—|—
IBM Tivoli Key Lifecycle Manager 1.0 | IBM Websphere Application Server 6.1.0.0 through 6.1.0.47 - Java SDK 5 SR16
IBM Tivoli Key Lifecycle Manager 2.0| IBM Websphere Application Server 6.1.0.0 through 6.1.0.47 - Java SDK 5 SR16
IBM Tivoli Key Lifecycle Manager 2.0.1| IBM Websphere Application Server 6.1.0.0 through 6.1.0.47 - Java SDK 5 SR16
IBM Security Key Lifecycle Manager 2.5 | IBM Websphere Application Server 8.5.5.0 through 8.5.5.2 - Java SDK 6R1 SR8

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Tivoli Key Lifecycle Manager | 1.0| 1.0.0-TIV-TKLM-FP0006
IBM Tivoli Key Lifecycle Manager | 2.0| 2.0.0-ISS-TKLM-FP0008
IBM Tivoli Key Lifecycle Manager | 2.0.1| 2.0.1-ISS-TKLM-FP0006
IBM Security Key Lifecycle Manager | 2.5| 2.5.0-ISS-SKLM-FP0004

Workarounds and Mitigations

Download and apply Websphere Application Server ifix manually. See security bulletin
Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU

Related

nessus 53
openvas 22
virtuozzo 1
fedora 18
checkpoint_advisories 1
ibm 84
cve 1
debian 2
mageia 1
arista 1
amazon 2
centos 1
redhat 2
suse 1
cisco 1
cert 1
veracode 1
cvelist 1
seebug 1
osv 1
citrix 1
f5 1
hackerone 1
nessus
nessus
SSLv3 Padding Oracle On Downgraded Legacy Encryption in Cisco ASA Software (cisco-sa-20141015-poodle) (POODLE)
2014-10-30 00:00:00
AIX 6.1 TL 8 : nettcp (IV73973) (POODLE)
2015-06-19 00:00:00
Fedora 20 : python-rhsm-1.13.6-1.fc20 / subscription-manager-1.13.6-1.fc20 (2014-13781)
2014-11-07 00:00:00
openvas
openvas
Fedora Update for libuv FEDORA-2014-15379
2014-12-15 00:00:00
Juniper Networks Junos OS SSLv3 POODLE Vulnerability
2015-01-23 00:00:00
Debian Security Advisory DSA 3489-1 (lighttpd - security update)
2016-03-08 00:00:00
virtuozzo
virtuozzo
Important product update: Virtuozzo PowerPanel RTM Hotfix 3 (7.0.1-415)
2017-09-20 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: claws-mail-3.11.1-2.fc19
2015-01-05 07:36:19
[SECURITY] Fedora 21 Update: claws-mail-plugins-3.11.1-1.fc21
2014-11-10 06:34:14
[SECURITY] Fedora 21 Update: asterisk-11.13.1-1.fc21
2014-11-01 16:38:16
checkpoint_advisories
checkpoint_advisories
Secure Socket Layer (SSL) Version 3.0 (CVE-2014-3566)
2014-10-15 00:00:00
ibm
ibm
Security Bulletin: SSLv3 POODLE Attack (CVE-2014-3566)
2018-06-17 22:32:17
Security Bulletin: Vulnerability in SSLv3 affects InfoSphere BigInsights (CVE-2014-3566)
2021-04-08 20:59:42
Security Bulletin: Vulnerability in SSLv3 affects WorkLight Quality Assurance (CVE-2014-3566)
2018-06-17 22:32:47
cve
cve
CVE-2014-3566
2014-10-15 00:55:02
debian
debian
[SECURITY] [DLA 282-1] lighttpd security update
2015-07-25 14:29:15
[SECURITY] [DSA 3489-1] lighttpd security update
2016-02-23 18:26:27
mageia
mageia
Updated ruby-httpclient package enables SSL negotiation
2014-11-26 20:29:06
arista
arista
Security Advisory 0007
2014-10-20 00:00:00
amazon
amazon
Important: nss
2014-10-16 22:14:00
Important: openssl
2014-10-14 22:32:00
centos
centos
openssl security update
2014-10-16 15:21:39
redhat
redhat
(RHSA-2014:1653) Moderate: openssl security update
2014-10-16 00:00:00
(RHSA-2015:1546) Important: node.js security update
2015-08-04 00:00:00
suse
suse
Security update for suseRegister (important)
2015-01-05 21:04:43
cisco
cisco
SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2014-10-15 18:30:00
cert
cert
POODLE vulnerability in SSL 3.0
2014-10-17 00:00:00
veracode
veracode
Information Disclosure
2017-02-07 00:05:45
cvelist
cvelist
CVE-2014-3566
2014-10-15 00:00:00
seebug
seebug
SSL 3.0 POODLE(CVE-2014-3566)
2017-02-17 00:00:00
osv
osv
lighttpd - security update
2015-07-25 00:00:00
citrix
citrix
CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw
2014-10-14 04:00:00
f5
f5
K15702 : SSLv3 vulnerability CVE-2014-3566
2015-09-18 00:00:00
hackerone
hackerone
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2017-03-26 19:08:23

0.975 High

EPSS

Percentile

100.0%

JSON
Related for 72EF00C4B35D9599E1A58E00685282A8A55FD82A122F9FA814B19FB08B691740
nessus53openvas22virtuozzo1fedora18checkpoint_advisories1ibm84cve1debian2mageia1arista1amazon2centos1redhat2suse1cisco1cert1veracode1cvelist1seebug1osv1citrix1f51hackerone1