CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2014-3052

LOW
3.3
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile10.73th
Published2014年6月21日
Last Modified2026年5月6日

Vulnerability Description

The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.

Affected Platforms (CPE)

💻
Ibm

Security Access Manager For Web 8.0 Firmware

= 8.0.0.2
💻
Ibm

Security Access Manager For Web 8.0 Firmware

= 8.0.0.3
🔌
Ibm

Security Access Manager For Web Appliance

= 8.0

References & Advisories

🔗 http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21676705
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/93454
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21676705
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/93454

相關漏洞威脅

CVE-2014-30538.0

The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 an...

CVE-2014-305910.0

Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers ...

CVE-2014-306010.0

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privi...

CVE-2014-482310.0

The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0...