Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3052

The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.

Published

2014-06-21T15:55:03.807

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.3 (LOW)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:N/A:N

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.5

Impact Score

2.9

Weaknesses

Type: Primary
CWE-16

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	ibm	security_access_manager_for_web_8.0_firmware	8.0.0.2	Yes
Operating System	ibm	security_access_manager_for_web_8.0_firmware	8.0.0.3	Yes
Hardware	ibm	security_access_manager_for_web_appliance	8.0	Yes

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21676705 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/93454 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553 (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21676705 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/93454 (af854a3a-2127-422b-91ae-364da2661108)