CVE-2017-1473

Опубликовано: 23 апр. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg22012268
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/128605
VDB Entry
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22012268
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/128605
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.4:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.4:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.6:*:*:*:*:*:*:*

cpe:2.3:h:ibm:security_access_manager_for_web_appliance:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.6:*:*:*:*:*:*:*

cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_firmware:9.0.1.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_firmware:9.0.3.1:*:*:*:*:*:*:*

cpe:2.3:h:ibm:security_access_manager_appliance:-:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00106

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-326

Связанные уязвимости

GHSA-2cj7-cj42-3g7v

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 29%

0.00106

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-326