9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Apache HTTPD is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE.
CVEID:CVE-2018-1312
**DESCRIPTION:**Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the failure to properly generate an HTTP Digest authentication nonce when generating an HTTP Digest authentication challenge. An attacker could exploit this vulnerability to replay HTTP requests across servers without detection.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140853 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Integrated Analytics System | 1.0.0-1.0.21.0 |
Update to the following IBM Integrated Analytics System release :
Product | VRMF | Remediation / First Fix |
---|---|---|
IBM Integrated Analytics System | 1.0.22.0 | Link to Fix Central |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm integrated analytics system | eq | any |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P