History: Jun 16, 2018 - 10:05 p.m.

Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in Python (CVE-2014-9365)

2018-06-16 22:05:00
www.ibm.com

5.8 Medium (CVSS2)

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

Summary

IBM Security Access Manager Appliance has addressed the following vulnerability in the Python libraries used on the appliance.

Vulnerability Details

CVEID: CVE-2014-9365
DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by the failure of the HTTP libraries to validate TLS certificates. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability using man-in-the-middle techniques to launch further attacks on the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99294 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
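
What the missing check in the description looks like in terms of Python's `ssl` module, as an added example (not IBM's code and not part of the bulletin): a client context that skips certificate and hostname validation beside one that performs both, plus a guard that refuses to build an HTTPS connection on the former. The function names and the host `example.invalid` are assumptions made for illustration.

```python
import http.client
import ssl


def weak_context():
    """Client context that encrypts but authenticates nobody (the flawed behaviour)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, including a forged one, is accepted
    return ctx


def hardened_context():
    """Client context that validates the certificate chain and the hostname."""
    return ssl.create_default_context()


def audit_context(ctx):
    """Return the validation gaps found in a client-side SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings


def verified_connection(host, ctx=None):
    """Build (without connecting) an HTTPS connection, refusing weak contexts."""
    if ctx is None:
        ctx = hardened_context()
    findings = audit_context(ctx)
    if findings:
        raise ValueError("refusing TLS context: " + "; ".join(findings))
    return http.client.HTTPSConnection(host, context=ctx)


if __name__ == "__main__":
    # Hypothetical names; no network traffic is generated.
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_context(ctx) or "ok")
```
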

Affected Products and Versions

Affected IBM Security Access Manager Appliance | Affected Versions
---|---
IBM Security Access Manager | 9.0.3.0

Remediation/Fixes

Product | VRMF | APAR | Remediation
---|---|---|---
IBM Security Access Manager | 9.0.3.0 | IJ02890 | Upgrade to 9.0.3.1: 9.0.3-ISS-ISAM-FP0001

Workarounds and Mitigations

None

CPE Name | Operator | Version
---|---|---
ibm security access manager | eq | 9.0.3
