5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
IBM Security Access Manager Appliance has addressed the following vulnerability in the Python libraries used on the appliance.
CVEID: CVE-2014-9365**
DESCRIPTION:** Python could allow a remote attacker to bypass security restrictions, caused by the failure to validate TLS certificate by the HTTP libraries. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability using man-in-the-middle techniques to launch further attacks on the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99294 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Affected IBM Security Access Manager Appliance
|
Affected Versions
—|—
IBM Security Access Manager| 9.0.3.0
Product
|
VRMF
|
APAR
|
Remediation
—|—|—|—
IBM Security Access Manager| 9.0.3.0| IJ02890| Upgrade to 9.0.3.1:
9.0.3-ISS-ISAM-FP0001
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security access manager | eq | 9.0.3 |