CVE-2015-5012

CWE-3103 documents3 sources

Severity

7.5HIGH

EPSS

0.3%

top 48.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Access Manager 9.0 Firmware IBM Security Access Manager FOR WEB 7.0 Firmware IBM Security Access Manager FOR WEB 8.0 Firmware

Timeline

PublishedFeb 15

Latest updateMay 17

Description

The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/security_access_manager25 versions+24

▶NVDibm/security_access_manager_9.0_firmware9.0.0

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-h4g7-rvhv-9vv7: The SSH implementation on IBM Security Access Manager for Web appliances 7↗2022-05-17

▶

CVEList

CVE-2015-5012: The SSH implementation on IBM Security Access Manager for Web appliances 7↗2016-02-15

▶