CVE-2017-1265Improper Certificate Validation in IBM Security Guardium

CWE-295Improper Certificate Validation3 documents3 sources
Severity
5.9MEDIUMNVD
CNA3.7
EPSS
0.1%
top 72.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Guardium
Timeline
PublishedDec 17
Latest updateMay 13

Description

IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDibm/security_guardium10.010.5
CVEListV5ibm/security_guardium7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-56p6-46p2-h7q6: IBM Security Guardium 102022-05-13
CVEList
CVE-2017-1265: IBM Security Guardium 102018-12-17
CVE-2017-1265 — Improper Certificate Validation in IBM | cvebase