Vulnerabilities > CVE-2014-3052 - Configuration vulnerability in IBM products

CVSS 3.3 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

low complexity

ibm

CWE-16

NVD

Published: 2014-06-21

Updated: 2017-08-29

Summary

The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM Security Access Manager FOR WEB 8.0 Firmware 8.0.0.2 IBM Security Access Manager FOR WEB 8.0 Firmware 8.0.0.3	2
Hardware	Ibm IBM Security Access Manager FOR WEB Appliance 8.0	1

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
http://www-01.ibm.com/support/docview.wss?uid=swg21676705
https://exchange.xforce.ibmcloud.com/vulnerabilities/93454