IBM Support

RC4 cipher suites vulnerability in Controller

Troubleshooting


Problem

A customer runs the IBM AppScan security tool against a Controller 10.2.1 Fix Pack 1 system. The scan reports an RC4 cipher suites vulnerability.

Symptom

AppScan Report:
RC4 cipher suites were detected
Severity: Medium
CVSS Score: 6.4
URL: https://servername/ibmcognos
Entity: servername (Page)
Risk: It may be possible to steal or manipulate customer session and cookies, which might be used to
impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform
transactions as that user
Causes: The web server or application server are configured in an insecure way
Fix: Change server's supported ciphersuites
Difference:
Reasoning: AppScan determined that the site uses weak cipher suites by successfully creating SSL
connections using each of the weak cipher suites listed above.
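
The check described in the report's reasoning can be repeated after the server's cipher suites are changed. The following is an added example, not IBM's or AppScan's code: it offers only RC4 suites in a raw TLS 1.2 ClientHello, so it does not depend on the local TLS library still supporting RC4, and reports whether the server answers with a ServerHello or an alert. The suite list and all function names are assumptions of this example.

```python
import os
import socket
import struct

# RC4 suites by IANA code point (assumed list; the page's report does not name them)
RC4_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
}

def build_client_hello(host):
    """TLS 1.2 ClientHello record that offers only the RC4 suites above."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0x0000, len(sni)) + sni  # server_name
    ext += struct.pack("!HHHHHHBB", 0x000A, 4, 2, 0x0017, 0x000B, 2, 1, 0)  # secp256r1, uncompressed points
    suites = b"".join(struct.pack("!H", c) for c in RC4_SUITES)
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"  # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00"  # suites, null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_reply(data):
    """Classify the first record of the server's reply."""
    if len(data) >= 7 and data[0] == 0x15:  # alert record, e.g. handshake_failure (40)
        return ("rejected", "alert %d" % data[6])
    if len(data) >= 44 and data[0] == 0x16 and data[5] == 0x02:  # ServerHello
        off = 44 + data[43]  # skip headers, version, random and session id
        if len(data) >= off + 2:
            code = struct.unpack("!H", data[off:off + 2])[0]
            return ("accepted", RC4_SUITES.get(code, hex(code)))
    return ("unknown", None)

def check_host(host, port=443, timeout=5.0):
    """Offer only RC4 to host:port; 'accepted' means the finding still applies."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(host))
        return parse_reply(sock.recv(4096))

def constructed_server_hello(code):  # constructed sample reply, not captured traffic
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", code) + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":  # offline demo on constructed replies
    for reply in (constructed_server_hello(0x0005), b"\x15\x03\x03\x00\x02\x02\x28"):
        print(parse_reply(reply))
```

Run `check_host` against the Controller web server's host name and HTTPS port; a `rejected` result after the configuration change indicates the server no longer negotiates RC4.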



Document Information

Modified date:
08 May 2025

UID

swg21966807