CVE-2013-6329

CWE-3103 documents3 sources

Severity

7.8HIGH

EPSS

2.4%

top 14.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Content Manager Ondemand FOR Multiplatforms IBM Security Access Manager FOR WEB

Timeline

PublishedDec 17

Latest updateMay 17

Description

IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDibm/content_manager_ondemand8.5, 9.0+1

▶NVDibm/security_access_manager4 versions+3

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-wxm3-qrp2-mhf2: IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8↗2022-05-17

▶

CVEList

CVE-2013-6329: IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8↗2013-12-17

▶