exploitDog

CVE-2016-0323

Опубликовано: 17 мая 2016

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21979682
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21979682
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:bluemix:-:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.0009

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-2qpp-8m4h-3vg9

CVSS3: 6.5

github

больше 3 лет назад

The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors.

EPSS

Процентиль: 26%

0.0009

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284