NVD

Id
31318  
Name
CVE-2014-3051  
Description
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain credential information via a crafted certificate.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2014-10-29  
Modified Date
2015-11-20  
Seq
2014-3051  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
164004 31318 CVE-2014-3051 http://www-01.ibm.com/support/docview.wss?uid=swg21682290  View
164005 31318 CVE-2014-3051 ibm-itcam-cve20143051-ssl(93444)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16248 JVNDB-2014-005123 IBM Tivoli Composite Application Manager for Transactions の Internet Service Monitor エージェントにおけるサーバになりすまされる脆弱性 IBM Tivoli Composite Application Manager (ITCAM) for Transactions の Internet Service Monitor (ISM) エージェントは、SSL サーバからの X.509 証明書を検証しないため、サーバになりすまされ、認証情報を取得される脆弱性が存在します。 CVE-2014-3051 70338 CVE-2014-3051 31318 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005123.html 2014-10-24 2014-10-30 View