Lucene search

[email protected]NVD:CVE-2012-2203

HistoryAug 08, 2012 - 10:26 a.m.

CVE-2012-2203

2012-08-0810:26:18

CWE-264

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

JSON

IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.

Affected configurations

NVD

Node

ibmglobal_security_kitRange≤8.0.13

ibmglobal_security_kitMatch7.0.4.28

ibmglobal_security_kitMatch7.0.4.29

ibmrational_directory_server

ibmtivoli_directory_server

References

secunia.com/advisories/51279

www-01.ibm.com/support/docview.wss?uid=swg1IV31973

www-01.ibm.com/support/docview.wss?uid=swg1IV31975

www-01.ibm.com/support/docview.wss?uid=swg21606145

www.securityfocus.com/bid/54743

exchange.xforce.ibmcloud.com/vulnerabilities/77280

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

JSON

Related for NVD:CVE-2012-2203

ibm8 nessus4 cvelist1 prion1 cve1