Vulnerability CVE-2014-3052
Published: 2014-06-21

Description:
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.

Type:

CWE-16

 (Configuration)

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
2.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
IBM -> Security access manager for web appliance 
IBM -> Security access manager for web 8.0 firmware 

 References:
http://xforce.iss.net/xforce/xfdb/93454
http://www-01.ibm.com/support/docview.wss?uid=swg21676705
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
Copyright 2024, cxsecurity.com

 

Back to Top