5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.114 Low
EPSS
Percentile
94.4%
GnuTLS in Red Hat Enterprise Linux that ships with IBM WebSphere Application Server Hypervisor edition could allow a remote attacker to bypass security restrictions, caused by an error when verifying unspecified certificates. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to bypass certificate validation checks and gain access to the system.
CVE ID:CVE-2014-0092**
DESCRIPTION: GnuTLS in Red Hat Enterprise Linux that ships with IBM WebSphere Application Server Hypervisor edition could allow a remote attacker to bypass security restrictions, caused by an error when verifying unspecified certificates. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass certificate validation checks and gain access to the system.**** **
CVE-2014-0092 CVSS: _
CVSS Base Score: 4.3
CVSS Temporal Score: See _https://exchange.xforce.ibmcloud.com/vulnerabilities/91486 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM WebSphere Application Server Hypervisor Images for Version 8.5.5, 8.5, 8.0 and 7.0 include this affected library.
Upgrade to the fixed level of Red Hat:
Red Hat Version 5 Customer Portal
Red Hat Version 6 Customer Portal
none
CPE | Name | Operator | Version |
---|---|---|---|
websphere application server hypervisor edition | eq | any |