Security Bulletin: mDNS vulnerability affects IBM Security Access Manager for Web (CVE-2015-1892)

2018-06-1621:23:13

www.ibm.com

EPSS

0.002

Percentile

61.3%

JSON

Summary

A vulnerability in mDNS affects IBM Security Access Manager for Web.

Vulnerability Details

CVEID:CVE-2015-1892

**DESCRIPTION:**IBM Security Access Manager for Web could allow a remote attacker to send specially crafted UDP packets to extract information from the mDNS service.

CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101435 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IBM Security Access Manager for Web 7.0 (appliance-based)

IBM Security Access Manager for Web 8.0 firmware versions 8.0.0.1, 8.0.0.2, 8.0.0.4, 8.0.0.5, and 8.0.1.0.

Remediation/Fixes

IBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch.

*Product*	*VRMF*	*APAR*
IBM Security Access Manager for Web
(appliance-based)	_7.0.0.0 -
7.0.0.11_	IV70913	7.0.0-ISS-WGA-FP0012
_IBM Security Access Manager for Web -_8.0	_8.0.0.0 -
8.0.1.0_	IV70911	8.0.1-ISS-WGA-FP0002

Workarounds and Mitigations

None

EPSS

0.002

Percentile

61.3%

JSON

Related for C0BDEE61BBEFC1BD599774098372F68E623E267A08C3B8A387230D233BD7E3FB