Vulnerabilities > CVE-2013-2953 - Cryptographic Issues vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

ibm

CWE-310

NVD

Published: 2013-05-27

Updated: 2024-11-21

Summary

IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 6.1 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 6.3.2 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 7.3.1 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 6.4.1 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 7.3.0 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 6.4.0 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 7.1.2 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 7.2.0 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 9.1.0 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 7.1.0 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 7.2.2 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 6.5.1 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 6.3.3 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 7.2.1 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 6.3.1 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 7.1.1 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 6.0 IBM Infosphere Optim Data Growth FOR Oracle E Business Suite 6.5.0	18

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References