CVE-2013-0531 - Cryptographic Issues vulnerability in IBM Security AppScan

CVSS: 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE

Tags: network, low complexity, ibm, CWE-310

Summary

The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 62179. CVE(CAN) ID: CVE-2013-0531. IBM Security AppScan Enterprise is a web-based, multi-user web application security solution that provides centralized security scanning, data consolidation and reporting, remediation, executive dashboards and other features. IBM Security AppScan Enterprise (formerly IBM Rational AppScan Enterprise) enables SSL cipher suites that use weak encryption algorithms. An attacker without local network access or authentication can exploit this vulnerability to decrypt the communication between client and server, or to carry out a man-in-the-middle attack against the client, thereby obtaining sensitive information and performing unauthorized operations. Affected versions: IBM Rational AppScan Enterprise 5.6-8.7. Vendor patch: IBM has released a security bulletin (1640352) and the corresponding patch: 1640352: Multiple vulnerabilities in IBM Security AppScan Enterprise (CVE-2013-0531, CVE-2013-0440, CVE-2013-2997). Link: http://www-01.ibm.com/support/docview.wss?uid=swg21640352
id: SSV:60997
last seen: 2017-11-19
modified: 2013-09-13
published: 2013-09-13
reporter: Root
title: IBM Security AppScan Enterprise weak cipher security bypass vulnerability (CVE-2013-0531)