IBM Tivoli Access Manager for e-Business < 18.104.22.168 / 22.214.171.124 / 126.96.36.199 SSL Multiple Vulnerabilities
High Nessus Plugin ID 80479
Synopsis: An access and authorization control management system installed on the remote host is affected by multiple vulnerabilities.
Description: According to its self-reported version, the install of IBM Tivoli Access Manager for e-Business is affected by multiple vulnerabilities:
- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)
- A denial of service vulnerability exists that allows an attacker, using a specially crafted SSL request, to cause the host to become unresponsive. Note that this issue only affects the WebSEAL component and a workaround is available. (CVE-2014-0963)
Solution: Apply the interim fix 6.0.0-ISS-TAM-IF0033 / 6.1.0-ISS-TAM-IF0014 / 6.1.1-ISS-TAM-IF0010 or later.