SSL Cipher Suite Weakness in IBM Security Access Manager for Mobile and Web
CVE-2014-6087

Currently unrated

Key Information:

Vendor: IBM
Status: Security Access Manager For Web
Vendor: CVE Published:; 18 December 2014

What is CVE-2014-6087?

The vulnerability in IBM Security Access Manager for Mobile and Web stems from the use of a weak algorithm in an SSL cipher suite, which allows remote attackers to sniff network traffic and capture sensitive information during transmission. The affected versions of both products fail to employ adequate encryption methods, thereby increasing the risk of unauthorized data exposure.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21684475

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/95813

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2014
Vulnerability Reserved
Sep 2, 2014