IBM Endpoint Manager 9.1 OpenSSL Man In The Middle Security Bypass Vulnerability Network Vulnerability

Summary

There is an OpenSSL vulnerability that could allow an attacker to decrypt and modify traffic from a vulnerable client and server.

Impact

Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.

Solution

Upgrade all components to version 9.1.1117.

Insight

An OpenSSL advisory was announced on June 5, 2014 in several versions of OpenSSL. Several vulnerabilities were detailed in this advisory. One affects IBM Endpoint Manager 9.1 -- the ChangeCipherSpec (CCS) Injection Vulnerability. This vulnerability can be exploited by a Man-in-the-middle (MITM) attack allowing an attacker to eavesdrop and make falsifications between Root Server, Web Reports, Relay, and Proxy Agent communications. An eavesdropping attacker can obtain console login credentials.

Affected

IBM Endpoint Manager 9.1 (9.1.1065, 9.1.1082, and 9.1.1088) are the only affected versions. Previous versions are not affected

Detection

Check the version.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21677842

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0224

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

IBM Endpoint Manager 9.1 OpenSSL Man in the Middle Security Bypass Vulnerability

Take action and discover your vulnerabilities