Lucene search

[email protected]NVD:CVE-2015-1970

HistoryAug 03, 2015 - 7:59 p.m.

CVE-2015-1970

2015-08-0319:59:02

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

Percentile

12.6%

JSON

The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere.

Affected configurations

Nvd

Node

ibmwebsphere_datapower_xc10_appliance_firmwareMatch2.1.0.0

ibmwebsphere_datapower_xc10_appliance_firmwareMatch2.1.0.1

ibmwebsphere_datapower_xc10_appliance_firmwareMatch2.1.0.2

ibmwebsphere_datapower_xc10_appliance_firmwareMatch2.1.0.3

ibmwebsphere_datapower_xc10_appliance_firmwareMatch2.5.0.0

ibmwebsphere_datapower_xc10_appliance_firmwareMatch2.5.0.1

ibmwebsphere_datapower_xc10_appliance_firmwareMatch2.5.0.2

ibmwebsphere_datapower_xc10_appliance_firmwareMatch2.5.0.3

ibmwebsphere_datapower_xc10_appliance_firmwareMatch2.5.0.4

VendorProductVersionCPE
ibmwebsphere_datapower_xc10_appliance_firmware2.1.0.0cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.0:*:*:*:*:*:*:*
ibmwebsphere_datapower_xc10_appliance_firmware2.1.0.1cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.1:*:*:*:*:*:*:*
ibmwebsphere_datapower_xc10_appliance_firmware2.1.0.2cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.2:*:*:*:*:*:*:*
ibmwebsphere_datapower_xc10_appliance_firmware2.1.0.3cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.3:*:*:*:*:*:*:*
ibmwebsphere_datapower_xc10_appliance_firmware2.5.0.0cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.0:*:*:*:*:*:*:*
ibmwebsphere_datapower_xc10_appliance_firmware2.5.0.1cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.1:*:*:*:*:*:*:*
ibmwebsphere_datapower_xc10_appliance_firmware2.5.0.2cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.2:*:*:*:*:*:*:*
ibmwebsphere_datapower_xc10_appliance_firmware2.5.0.3cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.3:*:*:*:*:*:*:*
ibmwebsphere_datapower_xc10_appliance_firmware2.5.0.4cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_datapower_xc10_appliance_firmware	2.1.0.0	cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.0:::::::*
ibm	websphere_datapower_xc10_appliance_firmware	2.1.0.1	cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.1:::::::*
ibm	websphere_datapower_xc10_appliance_firmware	2.1.0.2	cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.2:::::::*
ibm	websphere_datapower_xc10_appliance_firmware	2.1.0.3	cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.3:::::::*
ibm	websphere_datapower_xc10_appliance_firmware	2.5.0.0	cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.0:::::::*
ibm	websphere_datapower_xc10_appliance_firmware	2.5.0.1	cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.1:::::::*
ibm	websphere_datapower_xc10_appliance_firmware	2.5.0.2	cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.2:::::::*
ibm	websphere_datapower_xc10_appliance_firmware	2.5.0.3	cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.3:::::::*
ibm	websphere_datapower_xc10_appliance_firmware	2.5.0.4	cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.4:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1IT09803

www-01.ibm.com/support/docview.wss?uid=swg21962861

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2015-1970

cve1 cvelist1 prion1