IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass
Medium Nessus Plugin ID 79335
SynopsisThe remote host is affected by a security bypass vulnerability.
DescriptionAccording to its self-reported version, the IBM Tivoli Endpoint Manager Server installed on the remote host uses a vulnerable OpenSSL library that contains a flaw in the processing of ChangeCipherSpec messages. The flaw allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
SolutionUpgrade to Tivoli Endpoint Manager Server 9.1.1117.0 or later.