CVE-2014-3052

CWE-163 documents3 sources

Severity

3.3LOW

EPSS

0.1%

top 76.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Access Manager FOR WEB 8.0 Firmware IBM Security Access Manager FOR WEB Appliance

Timeline

PublishedJun 21

Latest updateMay 17

Description

The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.

CVSS vector

AV:A/AC:L/C:P/I:N/A:NExploitability: 6.5 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/security_access_manager8.0.0.2, 8.0.0.3, 8.0+2

🔴Vulnerability Details

GHSA

GHSA-w55w-gm2f-2hg5: The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8↗2022-05-17

▶

CVEList

CVE-2014-3052: The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8↗2014-06-21

▶