X.509 Certificate Validation Bypass in Auto-Scaling Agent in IBM Bluemix

X.509 Certificate Validation Bypass in Auto-Scaling Agent in IBM Bluemix

CVE-2016-0323 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors.

Learn more about our Cis Benchmark Audit For Ibm I.