Vulnerabilities > CVE-2014-3052 - Configuration vulnerability in IBM products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

ibm

CWE-16

NVD

Published: 2014-06-21

Updated: 2024-11-21

Summary

The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM Security Access Manager FOR WEB 8.0 Firmware 8.0.0.2 IBM Security Access Manager FOR WEB 8.0 Firmware 8.0.0.3	2
Hardware	Ibm IBM Security Access Manager FOR WEB Appliance 8.0	1

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
http://www-01.ibm.com/support/docview.wss?uid=swg21676705
http://www-01.ibm.com/support/docview.wss?uid=swg21676705
https://exchange.xforce.ibmcloud.com/vulnerabilities/93454
https://exchange.xforce.ibmcloud.com/vulnerabilities/93454