CVE-2016-0266

Опубликовано: 08 авг. 2016

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Низкий

Описание

IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg1IV86116
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86117
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86118
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86119
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86120
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86132
Broken Link
http://www.securityfocus.com/bid/92150
http://www.securitytracker.com/id/1036467
https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc
Mitigation
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86116
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86117
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86118
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86119
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86120
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86132
Broken Link
http://www.securityfocus.com/bid/92150
http://www.securitytracker.com/id/1036467
https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:vios:2.2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.1.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.3.50:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.3.51:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.3.52:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.3.60:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.3.70:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.4.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.4.21:*:*:*:*:*:*:*

cpe:2.3:a:ibm:vios:2.2.4.22:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.007

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-254

Связанные уязвимости

GHSA-mcgf-p4mp-v794