Lucene search

K
ibmIBMF43AC4AD74C202F4FEB76EA0BC3429642A773A92CA519668F55C67ABFA59AEB0
HistoryMay 06, 2020 - 12:02 p.m.

Security Bulletin: Vulnerability from Apache HttpClient affects IBM Cloud Pak System (CVE-2012-5783)

2020-05-0612:02:05
www.ibm.com
5

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

Summary

Vulnerability has been identified in Apache Commons HttpClient shipped with IBM Cloud Pak System.

Vulnerability Details

CVEID:CVE-2012-5783
**DESCRIPTION:**Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/79984 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak System 2.3
IBM Cloud Pak System 2.2

Remediation/Fixes

For IBM Cloud Pak System V2.3.0 and V2.3.0.1, upgrade to V2.3.1.1

Information on upgrading can be found here: http://www.ibm.com/support/docview.wss?uid=ibm10887959.

Workarounds and Mitigations

None

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

Related for F43AC4AD74C202F4FEB76EA0BC3429642A773A92CA519668F55C67ABFA59AEB0