IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x up to and including 7.5.1.2, 8.0.x up to and including 8.0.1.3, and 8.5.x up to and including 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote malicious users to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm business process manager 8.0.1.0 |
||
ibm business process manager 8.0.1.1 |
||
ibm business process manager 7.5.1.1 |
||
ibm business process manager 8.0.0.0 |
||
ibm business process manager 8.5.5.0 |
||
ibm business process manager 8.0.1.2 |
||
ibm business process manager 8.0.1.3 |
||
ibm business process manager 7.5.0.0 |
||
ibm business process manager 7.5.0.1 |
||
ibm business process manager 7.5.1.0 |
||
ibm business process manager 8.5.0.0 |
||
ibm business process manager 8.5.0.1 |
||
ibm websphere enterprise service bus 7.0 |
||
ibm websphere process server 7.0 |