Lucene search

[email protected]CVE-2015-5012

HistoryFeb 15, 2016 - 2:59 a.m.

CVE-2015-5012

2016-02-1502:59:06

CWE-310

[email protected]

web.nvd.nist.gov

ibm

security

access manager

ssh

vulnerability

nvd

cve-2015-5012

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.8%

JSON

The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

Affected configurations

NVD

Node

ibmsecurity_access_manager_9.0_firmwareMatch9.0.0

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.1

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.2

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.3

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.4

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.5

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.6

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.7

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.8

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.9

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.10

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.11

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.12

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.13

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.14

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.15

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.16

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.17

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.18

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.0.1

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.0.2

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.0.3

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.0.5

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.1

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.1.0

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.1.2

CPENameOperatorVersion
ibm:security_access_manager_9.0_firmwareibm security access manager 9.0 firmwareeq9.0.0
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.1
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.2
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.3
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.4
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.5
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.6
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.7
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.8
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.9

CPE	Name	Operator	Version
ibm:security_access_manager_9.0_firmware	ibm security access manager 9.0 firmware	eq	9.0.0
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.1
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.2
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.3
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.4
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.5
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.6
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.7
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.8
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.9

Rows per page:

1-10 of 261

References

www-01.ibm.com/support/docview.wss?uid=swg1IV78768

www-01.ibm.com/support/docview.wss?uid=swg1IV78780

www-01.ibm.com/support/docview.wss?uid=swg21971422

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.8%

JSON

Related for CVE-2015-5012

nvd1 ibm2 prion1 cvelist1