Vulnerability CVE-2017-1476


Published: 2018-06-06

Description:
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.

Type:

CWE-200

(Information Exposure)

Vendor: IBM
Product: Security access manager 
Version:
9.0.1.0
9.0.0.1
9.0.0
Product: Security access manager for web 
Version:
8.0.1.4
8.0.1.3
8.0.1.2
8.0.1.1
8.0.1.0
8.0.1
8.0.0.5
8.0.0.31
8.0.0.22
8.0.0
7.0.0.9
7.0.0.15
7.0.0.14
7.0.0.13
7.0.0.12
7.0.0.11
7.0.0.10
7.0.0
Product: Security access manager for mobile 
Version:
8.0.1.4
8.0.1.3
8.0.1.2
8.0.1
8.0.0.5
8.0.0.2

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://www.ibm.com/support/docview.wss?uid=swg22012310
http://www.securityfocus.com/bid/104501
https://exchange.xforce.ibmcloud.com/vulnerabilities/128610

Related CVE
CVE-2018-1655
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.
CVE-2018-1460
IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211.
CVE-2018-1419
IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.
CVE-2018-1431
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly ...
CVE-2018-1393
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378.
CVE-2018-1453
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055.
CVE-2017-1405
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392.
CVE-2018-1547
IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in ...

Copyright 2018, cxsecurity.com

 

Back to Top