exploitDog

CVE-2014-3052

Опубликовано: 21 июн. 2014

Источник: nvd

CVSS2: 3.3

EPSS Низкий

Описание

The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*

cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.0008

Низкий

3.3 Low

CVSS2

Дефекты

CWE-16

Связанные уязвимости

GHSA-w55w-gm2f-2hg5

github

больше 3 лет назад

The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.

EPSS

Процентиль: 24%

0.0008

Низкий

3.3 Low

CVSS2

Дефекты

CWE-16