IBM WebSphere Application Server Edge Component Caching Proxy Security Weakness Lets Remote Users Decrypt Data Vulnerabilities
28 Mar. 2016
Summary
The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information.
Credit:
The information has been provided by Cisco.
Vulnerable Systems:
*IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8
Immune Systems:
*IBM WebSphere Application Server (WAS) 8.0 after 8.0.0.12 and 8.5 after 8.5.5.8
A vulnerability was reported in IBM WebSphere Application Server. A remote user may be able to decrypt data communicated via the proxy.The Edge Component Caching Proxy may provide weaker than expected security. A remote user that can monitor the network to decrypt data more rapidly to obtain sensitive information.