Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDE75F6C63C9C64B3BF3E4D442FD902A09EC9312B6D591C21E78962D267B066C3
HistoryJul 31, 2024 - 9:51 p.m.

Security Bulletin: Multiple Vulnerabilities in Apache Axis affect Cloud Pak System

2024-07-3121:51:17
www.ibm.com
6
apache axis
cloud pak system
vulnerabilities
upgrade
ibm fix central

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

JSON

Summary

Vulnerabilities in Apache Axis affect Cloud Pak System [CVE-2012-5784, CVE-2014-3596]

Vulnerability Details

CVEID:CVE-2012-5784
**DESCRIPTION:**Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate. An attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server and launch further attacks against a vulnerable target.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/79829 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:CVE-2014-3596
**DESCRIPTION:**Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by and incomplete fix related to the failure to verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/95377 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Affected Product(s)|**Version(s) (intel)
**
β€”|β€”
IBM Cloud Pak Systemn| 2.3.3.0
IBM Cloud Pak Systemn| 2.3.3.3 iFIx1
IBM Cloud Pak Systemn| 2.3.3.4
IBM Cloud Pak Systemn| 2.3.3.5,
IBM Cloud Pak Systemn| 2.3.3.6, 2.3.3.3.6 iFix1, 2.3.3.6 iFix2

Remediation/Fixes

For unsupported versions the recommendation is to upgrade to supported version of the product.
This security bulletin applies to Cloud Pak System, Cloud Pak System Software, Cloud Pak System Software Suite.
IBM strongly recommends addressing the vulnerability now by applying the fix below.

For Cloud Pak System on Intel
Upgrade to Cloud Pak System v2.3.4.0 for Intel at IBM Fix Central
Information on upgrading here <http://www.ibm.com/support/docview.wss?uid=ibm10887959&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcloud_pak_systemMatch2.3

Related

ubuntucve 2
openvas 27
osv 3
cve 2
ibm 17
debian 1
nessus 24
f5 4
github 2
debiancve 2
veracode 2
suse 2
cvelist 2
prion 2
nvd 2
oraclelinux 3
redhat 6
fedora 2
centos 2
amazon 2
gitlab 1
mageia 2
oracle 2
ubuntucve
ubuntucve
CVE-2014-3596
2014-08-27 00:00:00
CVE-2012-5784
2012-11-04 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:1373-1)
2021-06-09 00:00:00
RedHat Update for axis RHSA-2014:1193-01
2014-09-16 00:00:00
CentOS Update for axis CESA-2014:1193 centos6
2014-09-16 00:00:00
osv
osv
axis - security update
2015-03-10 00:00:00
Improper Validation of Certificates in apache axis
2018-10-16 20:50:58
Man-in-the-middle attack in Apache Axis
2020-10-07 17:51:02
cve
cve
CVE-2014-3596
2014-08-27 00:55:05
CVE-2012-5784
2012-11-04 22:55:03
ibm
ibm
Security Bulletin: Two vulnerabilities exist in IBM Case Foundation and FileNet Business Process Manager (CVE-2012-5784 and CVE-2014-3596)
2018-06-17 12:12:09
Security Bulletin: Multiple Security Vulnerabilities in Apache Axis Affect IBM Sterling B2B Integrator (CVE-2014-3596, CVE-2012-5784)
2020-02-05 00:53:36
Security Bulletin: Multiple Vulnerabilities found in Axis.jar V1.x may affect IBM Content Collector for SAP Applications
2021-03-26 17:24:42
debian
debian
[SECURITY] [DLA 169-1] axis security update
2015-03-10 18:47:07
nessus
nessus
openSUSE Security Update : axis (openSUSE-2019-1497)
2019-06-04 00:00:00
F5 Networks BIG-IP : Apache Axis vulnerability (SOL16821)
2016-09-02 00:00:00
openSUSE Security Update : axis (openSUSE-2019-1526)
2019-06-10 00:00:00
f5
f5
SOL16821 - Apache Axis vulnerability CVE-2014-3596
2015-06-29 00:00:00
K16821 : Apache Axis vulnerability CVE-2014-3596
2015-11-11 00:00:00
SOL14371 - Apache Axis vulnerability CVE-2012-5784
2013-05-06 00:00:00
github
github
Improper Validation of Certificates in apache axis
2018-10-16 20:50:58
Man-in-the-middle attack in Apache Axis
2020-10-07 17:51:02
debiancve
debiancve
CVE-2014-3596
2014-08-27 00:55:05
CVE-2012-5784
2012-11-04 22:55:03
veracode
veracode
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 09:01:11
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 09:00:12
suse
suse
Security update for axis (moderate)
2019-06-07 00:00:00
Security update for axis (moderate)
2019-06-03 00:00:00
cvelist
cvelist
CVE-2014-3596
2014-08-27 00:00:00
CVE-2012-5784
2012-11-04 22:00:00
prion
prion
Code injection
2014-08-27 00:55:00
Design/Logic Flaw
2012-11-04 22:55:00
nvd
nvd
CVE-2014-3596
2014-08-27 00:55:05
CVE-2012-5784
2012-11-04 22:55:03
oraclelinux
oraclelinux
axis security update
2013-03-25 00:00:00
axis security update
2014-09-15 00:00:00
axis security update
2013-02-19 00:00:00
redhat
redhat
(RHSA-2013:0683) Moderate: axis security update
2013-03-25 00:00:00
(RHSA-2013:0269) Moderate: axis security update
2013-02-19 00:00:00
(RHSA-2014:1123) Moderate: devtoolset-2-axis security update
2014-09-02 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: axis-1.4-19.fc17
2013-02-01 17:16:41
[SECURITY] Fedora 18 Update: axis-1.4-19.fc18
2013-02-01 16:58:10
centos
centos
axis security update
2013-03-25 20:27:08
axis security update
2014-09-15 16:46:18
amazon
amazon
Medium: axis
2013-03-02 16:50:00
Important: axis
2014-09-17 21:47:00
gitlab
gitlab
Improper Input Validation
2020-10-07 00:00:00
mageia
mageia
Updated axis package fixes security vulnerability
2013-07-06 18:12:34
Updated axis packages fix CVE-2014-3596
2014-12-26 20:04:58
oracle
oracle
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

JSON
Related for DE75F6C63C9C64B3BF3E4D442FD902A09EC9312B6D591C21E78962D267B066C3
ubuntucve2openvas27osv3cve2ibm17debian1nessus24f54github2debiancve2veracode2suse2cvelist2prion2nvd2oraclelinux3redhat6fedora2centos2amazon2gitlab1mageia2oracle2