IBM Security Access Manager For Web Appliance 8.0 jct-nist-compliance config
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.8 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, was found in IBM Security Access Manager For Web Appliance 8.0. This vulnerability affects unknown code. The manipulation of the argument jct-nist-compliance results in config. This vulnerability was named CVE-2014-3052. There is no available exploit.
Details
A vulnerability classified as problematic has been found in IBM Security Access Manager For Web Appliance 8.0 (Network Authentication Software). Affected is some unknown functionality. The manipulation of the argument jct-nist-compliance with an unknown input leads to a config vulnerability. CWE is classifying the issue as CWE-16. This is going to have an impact on confidentiality. CVE summarizes:
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.
The weakness was presented 06/21/2014 (Website). The advisory is shared for download at www-01.ibm.com. This vulnerability is traded as CVE-2014-3052 since 04/29/2014. The exploitability is told to be easy. The attack can only be initiated within the local network. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1592.004.
The vulnerability is also documented in the databases at X-Force (93454) and SecurityFocus (BID 68138†). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.ibm.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.3VulDB Meta Temp Score: 3.8
VulDB Base Score: 4.3
VulDB Temp Score: 3.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: ConfigCWE: CWE-16
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
04/29/2014 🔍06/18/2014 🔍
06/21/2014 🔍
06/21/2014 🔍
03/26/2015 🔍
03/08/2018 🔍
Sources
Vendor: ibm.comAdvisory: www-01.ibm.com
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-3052 (🔍)
GCVE (CVE): GCVE-0-2014-3052
GCVE (VulDB): GCVE-100-70128
X-Force: 93454 - IBM Security Access Manager for Web weak security
SecurityFocus: 68138 - IBM Security Access Manager CVE-2014-3052 Security Bypass Vulnerability
Entry
Created: 03/26/2015 12:07Updated: 03/08/2018 11:26
Changes: 03/26/2015 12:07 (54), 03/08/2018 11:26 (2)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.