ID

VAR-201801-0575


CVE

CVE-2017-1478


TITLE

Information disclosure vulnerability in the IBM Security Access Manager appliance

Trust: 0.8

sources: JVNDB: JVNDB-2018-001434

DESCRIPTION

IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally, where they can be read by another user on the system. IBM X-Force ID: 128613. The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 128613. Information may be obtained. A local attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The product enables access management control through integrated appliances for web, mobile and cloud computing. The vulnerability stems from the fact that the program allows local storage of web pages. An attacker could exploit this vulnerability to read stored pages.

Trust: 1.98

sources: NVD: CVE-2017-1478 // JVNDB: JVNDB-2018-001434 // BID: 102502 // VULHUB: VHN-105536

AFFECTED PRODUCTS

vendor: ibm // model: security access manager 9.0 // scope: eq // version: 9.0.1.0

Trust: 1.6

vendor: ibm // model: security access manager 9.0 // scope: eq // version: 9.0.2.1

Trust: 1.6

vendor: ibm // model: security access manager 9.0 // scope: eq // version: 9.0.2.0

Trust: 1.6

vendor: ibm // model: security access manager 9.0 // scope: eq // version: 9.0.3.1

Trust: 1.6

vendor: ibm // model: security access manager 9.0 // scope: eq // version: 9.0.0.1

Trust: 1.6

vendor: ibm // model: security access manager 9.0 // scope: eq // version: 9.0.0

Trust: 1.6

vendor: ibm // model: security access manager 9.0 // scope: eq // version: 9.0.3

Trust: 1.6

vendor: ibm // model: security access manager // scope: eq // version: 9.0.0

Trust: 0.8

vendor: ibm // model: security access manager // scope: eq // version: 9.0.3.1

Trust: 0.3

vendor: ibm // model: security access manager // scope: eq // version: 9.0.3.0

Trust: 0.3

vendor: ibm // model: security access manager // scope: eq // version: 9.0.2.0

Trust: 0.3

vendor: ibm // model: security access manager // scope: eq // version: 9.0.1.0

Trust: 0.3

vendor: ibm // model: security access manager // scope: eq // version: 9.0.0.1

Trust: 0.3

vendor: ibm // model: security access manager // scope: eq // version: 9.0

Trust: 0.3

vendor: ibm // model: security access manager // scope: ne // version: 9.0.4.0

Trust: 0.3

sources: BID: 102502 // JVNDB: JVNDB-2018-001434 // CNNVD: CNNVD-201801-420 // NVD: CVE-2017-1478

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-1478
value: LOW

Trust: 1.0

NVD: CVE-2017-1478
value: LOW

Trust: 0.8

CNNVD: CNNVD-201801-420
value: LOW

Trust: 0.6

VULHUB: VHN-105536
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-1478
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-105536
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-1478
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-105536 // JVNDB: JVNDB-2018-001434 // CNNVD: CNNVD-201801-420 // NVD: CVE-2017-1478

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-105536 // JVNDB: JVNDB-2018-001434 // NVD: CVE-2017-1478

THREAT TYPE

local

Trust: 0.9

sources: BID: 102502 // CNNVD: CNNVD-201801-420

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201801-420

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001434

PATCH

title: 2012323 // url: http://www-01.ibm.com/support/docview.wss?uid=swg22012323

Trust: 0.8

title: IBM Security Access Manager Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77674

Trust: 0.6

sources: JVNDB: JVNDB-2018-001434 // CNNVD: CNNVD-201801-420

EXTERNAL IDS

db: NVD // id: CVE-2017-1478

Trust: 2.8

db: BID // id: 102502

Trust: 1.4

db: SECTRACK // id: 1040172

Trust: 1.1

db: JVNDB // id: JVNDB-2018-001434

Trust: 0.8

db: CNNVD // id: CNNVD-201801-420

Trust: 0.7

db: NSFOCUS // id: 38680

Trust: 0.6

db: VULHUB // id: VHN-105536

Trust: 0.1

sources: VULHUB: VHN-105536 // BID: 102502 // JVNDB: JVNDB-2018-001434 // CNNVD: CNNVD-201801-420 // NVD: CVE-2017-1478

REFERENCES

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/128613

Trust: 2.5

url:http://www.ibm.com/support/docview.wss?uid=swg22012323

Trust: 1.7

url:http://www.securityfocus.com/bid/102502

Trust: 1.1

url:http://www.securitytracker.com/id/1040172

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1478

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-1478

Trust: 0.8

url:http://www.nsfocus.net/vulndb/38680

Trust: 0.6

url:http://www-03.ibm.com/software/products/en/access-mgr-web

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg22012323

Trust: 0.3

sources: VULHUB: VHN-105536 // BID: 102502 // JVNDB: JVNDB-2018-001434 // CNNVD: CNNVD-201801-420 // NVD: CVE-2017-1478

CREDITS

Ron Craig, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd and Dmitriy Beryoza.

Trust: 0.3

sources: BID: 102502

SOURCES

db: VULHUB // id: VHN-105536
db: BID // id: 102502
db: JVNDB // id: JVNDB-2018-001434
db: CNNVD // id: CNNVD-201801-420
db: NVD // id: CVE-2017-1478

LAST UPDATE DATE

2024-11-23T22:07:01.705000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-105536 // date: 2018-02-01T00:00:00
db: BID // id: 102502 // date: 2018-01-09T00:00:00
db: JVNDB // id: JVNDB-2018-001434 // date: 2018-02-16T00:00:00
db: CNNVD // id: CNNVD-201801-420 // date: 2018-01-12T00:00:00
db: NVD // id: CVE-2017-1478 // date: 2024-11-21T03:21:56.270

SOURCES RELEASE DATE

db: VULHUB // id: VHN-105536 // date: 2018-01-11T00:00:00
db: BID // id: 102502 // date: 2018-01-09T00:00:00
db: JVNDB // id: JVNDB-2018-001434 // date: 2018-02-16T00:00:00
db: CNNVD // id: CNNVD-201801-420 // date: 2018-01-12T00:00:00
db: NVD // id: CVE-2017-1478 // date: 2018-01-11T17:29:00.197