7.2.1.3

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

ibm

CWE-16

NVD

Published: 2013-03-06

Updated: 2017-08-29

Summary

The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Tivoli Application Dependency Discovery Manager 7.2.0.0 IBM Tivoli Application Dependency Discovery Manager 7.2.1 IBM Tivoli Application Dependency Discovery Manager 7.2.1.3	3

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391
http://www-01.ibm.com/support/docview.wss?uid=swg21626029
https://exchange.xforce.ibmcloud.com/vulnerabilities/80354