Lucene search

IbmCVELIST:CVE-2017-1265

HistoryDec 17, 2018 - 4:00 p.m.

CVE-2017-1265

2018-12-1716:00:00

ibm

www.cve.org

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

36.7%

JSON

IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740.

CNA Affected

[
  {
    "product": "Security Guardium",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.0"
      },
      {
        "status": "affected",
        "version": "10.0.1"
      },
      {
        "status": "affected",
        "version": "10.1"
      },
      {
        "status": "affected",
        "version": "10.1.2"
      },
      {
        "status": "affected",
        "version": "10.1.3"
      },
      {
        "status": "affected",
        "version": "10.1.4"
      },
      {
        "status": "affected",
        "version": "10.5"
      }
    ]
  }
]

References

www.securityfocus.com/bid/106234

exchange.xforce.ibmcloud.com/vulnerabilities/124740

www.ibm.com/support/docview.wss?uid=swg22014229

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

36.7%

JSON

Related for CVELIST:CVE-2017-1265