Podatność CVE-2013-4030


Publikacja: 2014-01-20   Modyfikacja: 2014-01-21

Opis:
Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.

Typ:

CWE-310

(Cryptographic Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
4.3/10
2.9/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Częściowy
Brak
Affected software
IBM -> System x3550 m2 
IBM -> Integrated management module 2 
IBM -> Bladecenter 
IBM -> System x3550 m3 
IBM -> Flex system manager node 7955 
IBM -> System x3550 m4 
IBM -> Flex system manager node 8731 
IBM -> System x3630 m3 
IBM -> Flex system manager node 8734 
IBM -> System x3630 m4 
IBM -> Flex system x220 compute node 
IBM -> System x3630 m4 hd 
IBM -> Flex system x240 compute node 
IBM -> System x3650 m2 
IBM -> Flex system x440 compute node 
IBM -> System x3650 m3 
IBM -> Ntegrated management module 2 
IBM -> System x3650 m4 
IBM -> System x3100 m4 
IBM -> System x3650 m4 hd 
IBM -> System x3250 m4 
IBM -> System x3690 x5 
IBM -> System x3300 m4 
IBM -> System x3750 m4 
IBM -> System x3500 m2 
IBM -> System x3850 x5 
IBM -> System x3500 m3 
IBM -> System x3950 x5 
IBM -> System x3500 m4 
IBM -> System x idataplex direct water cooled dx360 m4 server 
IBM -> System x3530 m4 
IBM -> System x idataplex dx360 m4 server 

 Referencje:
http://xforce.iss.net/xforce/xfdb/86068
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_avoiding_weak_ssl_tls_encryption_in_ibm_system_x_and_flex_systems_cve_2013_40301

Copyright 2024, cxsecurity.com

 

Back to Top