IBM Support

Browser Exploit Against SSL/TLS (a.k.a. BEAST) security vulnerability in Controller

Troubleshooting


Problem

The customer runs a security vulnerability scanner (for example IBM AppScan) against Controller, and a 'BEAST' vulnerability is detected.

Symptom

AppScan report:
Browser Exploit Against SSL/TLS (a.k.a. BEAST)
Severity: Medium
CVSS Score: 6.4
Risk: It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user
Causes: The web server or application server are configured in an insecure way
Fix: Change server's supported ciphersuites
Difference:
Reasoning: AppScan determined that the site uses weak cipher suites by successfully creating SSL connections using each of the weak cipher suites listed above.
[SSLv3/TLS1.0 cipher suites with CBC]



This document has the abstract of a technical article that is available to authorized users once you have logged on.

Document Information

Modified date: 08 May 2025

UID: swg21965705