IBME5E6F66CAED0283F2A4FD81532D43E89D427DB0E326671183A7D2235AD86F0E7Security Bulletin: IBM Security Access Manager for Mobile appliances has some weak SSH MAC Algorithms enabled (CVE-2015-5012)
0.002 Low
EPSS
Percentile
57.8%
Summary
The IBM Security Access Manager for Mobile appliance enables some SSH MAC Algorithms that only provide weak security, which could leave sensitive information vulnerable to decryption.
Vulnerability Details
CVEID: CVE-2015-5012**
DESCRIPTION:** IBM Security Access Manager for Mobile could provide weaker than expected security. This could allow an attacker to decrypt information more quickly and obtain sensitive information.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106404 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
IBM Security Access Manager for Mobile 8.0 appliances, all firmware versions
IBM Security Access Manager 9.0 appliances
Remediation/Fixes
The table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch.
| Product name | VRMF | APAR | Remediation |
|---|---|---|---|
| IBM Security Access Manager for Mobile | 8.0 - 8.0.1.3 | IV78768 | 1. For 8.0 - 8.0.1.2 environments, upgrade to 8.0.1.3: |
| 8.0.1-ISS-ISAM-FP0003 |
2. Apply 8.0.1.3 Interim Fix 3:
8.0.1.3-ISS-ISAM-IF0003
IBM Security Access Manager| 9.0| IV78768| 1. Apply 9.0.0.0 interim fix 1:
9.0.0-ISS-ISAM-IF0001
Related
0.002 Low
EPSS
Percentile
57.8%