CVSS2: 5.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Apache HttpComponents vulnerabilities that allow spoofing attacks affect Case Manager Client.
The Apache HttpComponents libraries used by the Forms widget in Case Manager Client when you are working with IBM Forms are vulnerable to spoofing attacks.
CVEID: CVE-2012-6153
DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject’s Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95328 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2014-3577
DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject’s Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95327 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
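The check that both CVEs concern, matching the requested hostname against the certificate's SubjectAltName entries or, when there are none, the Subject CN, is sketched below in Python as an added example. It is not IBM's or Apache's code; the parsed-certificate dictionary layout, the function names and the `example.test` hostnames are assumptions constructed for illustration.

```python
# Added illustration; the cert dicts below are constructed, not real certificates.

def _match(pattern, host):
    """Compare one certificate DNS name with the requested host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Wildcard only as the entire left-most label, with at least two
        # labels after it, so "*.test" can never match.
        return len(p) >= 3 and p[1:] == h[1:]
    # A "*" anywhere else is rejected rather than treated as a wildcard.
    return not any("*" in label for label in p) and p == h


def verify_hostname(host, cert):
    """cert: hypothetical parsed form {'san_dns': [...], 'subject': [(type, value), ...]}."""
    san = cert.get("san_dns", [])
    if san:
        # dNSName entries, when present, are authoritative; the CN is ignored.
        return any(_match(name, host) for name in san)
    # Fallback to CN: only attributes whose parsed type is CN count; the
    # subject DN is never split as a string. Use the last (most specific) CN.
    cns = [value for attr, value in cert.get("subject", []) if attr == "CN"]
    return bool(cns) and _match(cns[-1], host)


SAMPLE_CERTS = {  # constructed examples
    "san_match": {"san_dns": ["forms.example.test"], "subject": [("CN", "other.example.test")]},
    "san_wins": {"san_dns": ["other.example.test"], "subject": [("CN", "forms.example.test")]},
    "cn_only": {"subject": [("O", "Example"), ("CN", "forms.example.test")]},
    "wildcard": {"san_dns": ["*.example.test"]},
    "no_names": {"subject": [("O", "Example")]},
}


def check_all(host="forms.example.test"):
    """Verify the same requested host against every constructed certificate."""
    return {name: verify_hostname(host, cert) for name, cert in SAMPLE_CERTS.items()}


if __name__ == "__main__":
    for name, ok in check_all().items():
        print(f"{name:10} {'accept' if ok else 'REJECT'}")
```

A client that skips this comparison, or gets it wrong, accepts any certificate that chains to a trusted CA regardless of which host it was issued for, which is the spoofing condition the descriptions above refer to.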
IBM Case Manager 5.1.1.0 - 5.1.1.2
IBM Case Manager 5.2.0.0 - 5.2.0.3
IBM Case Manager 5.2.1.0 - 5.2.1.2
Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM Case Manager | 5.2.1.3-FP003 | PJ43827 | 5.2.1.3-ICM-FP003 or later versions
IBM Case Manager | 5.2.0.4-FP004 | PJ44167 | 5.2.0.4-ICM-FP004 or later versions
IBM Case Manager | 5.1.1.3-IF002 | PJ43886 | 5.1.1.3-ICM-IF002 or later versions
IBM Forms APAR LO85829 - <http://www.ibm.com/support/docview.wss?uid=swg21961713>
IBM WebSphere APAR PI50993 - <http://www.ibm.com/support/docview.wss?uid=swg24041394>
For the complete fix, all of the above components need to be patched accordingly.
CPE:

Name | Operator | Version
---|---|---
ibm case manager | eq | 5.2.1
ibm case manager | eq | 5.2.0
ibm case manager | eq | 5.1.1