5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
IBM Content Navigator has addressed the following vulnerability.
CVEID: CVE-2014-3577
**DESCRIPTION:*Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject’s Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95327> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Affected IBM Content Navigator | Affected Versions |
---|---|
IBM Content Navigator | 2.0.3 |
IBM Content Navigator | 3.0CD |
Product | VRMF | Remediation / First Fix |
---|---|---|
IBM Content Navigator | 2.0.3 | Contact customer support center for the fix and instructions. |
IBM Content Navigator | 3.0 Continuous Delivery | Contact customer support center for the fix and instructions. |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm content navigator | eq | any |