This script is Copyright (C) 2015 Tenable Network Security, Inc.
An access and authorization control management system installed on the
remote host is affected by multiple vulnerabilities.
According to its self-reported version, the install of the IBM Tivoli
Access Manager for e-Business is affected by multiple vulnerabilities
- An error exists related to the implementation of the
Elliptic Curve Digital Signature Algorithm (ECDSA) that
allows nonce disclosure via the 'FLUSH+RELOAD' cache
side-channel attack. (CVE-2014-0076)
- A denial of service vulnerability exists that allows an
attacker, using a specially crafted SSL request, to
cause the host to become unresponsive. Note that this
issue only affects the WebSEAL component and a
workaround is available. (CVE-2014-0963)
See also :
Apply the interim fix 6.0.0-ISS-TAM-IF0033 / 6.1.0-ISS-TAM-IF0014 /
6.1.1-ISS-TAM-IF0010 or later.
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 6.2
Public Exploit Available : false