Details of VAR-201804-0273

ID

VAR-201804-0273

CVE

CVE-2014-0927

TITLE

IBM Sterling B2B Integrator and IBM Sterling File Gateway Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-008596

DESCRIPTION

The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259. Vendors have confirmed this vulnerability IBM X-Force ID: 92259 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network

Trust: 1.71

sources: NVD: CVE-2014-0927 // JVNDB: JVNDB-2014-008596 // VULHUB: VHN-68420

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.1	Trust: 2.4
vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.2	Trust: 2.4
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.1	Trust: 2.4
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2	Trust: 2.4

sources: JVNDB: JVNDB-2014-008596 // CNNVD: CNNVD-201804-1312 // NVD: CVE-2014-0927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0927
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0927
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201804-1312
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68420
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0927
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68420
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-0927
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-68420 // JVNDB: JVNDB-2014-008596 // CNNVD: CNNVD-201804-1312 // NVD: CVE-2014-0927

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-68420 // JVNDB: JVNDB-2014-008596 // NVD: CVE-2014-0927

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1312

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201804-1312

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008596

PATCH

title:	1674739	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21674739	Trust: 0.8
title:	ibm-sterling-cve20140927-sec-bypass (92259)	url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/92259	Trust: 0.8
title:	IBM Sterling B2B Integrator and IBM Sterling File Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79606	Trust: 0.6

sources: JVNDB: JVNDB-2014-008596 // CNNVD: CNNVD-201804-1312

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0927	Trust: 2.5
db:	JVNDB	id:	JVNDB-2014-008596	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-1312	Trust: 0.7
db:	VULHUB	id:	VHN-68420	Trust: 0.1

sources: VULHUB: VHN-68420 // JVNDB: JVNDB-2014-008596 // CNNVD: CNNVD-201804-1312 // NVD: CVE-2014-0927

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg21674739	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/92259	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0927	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0927	Trust: 0.8

sources: VULHUB: VHN-68420 // JVNDB: JVNDB-2014-008596 // CNNVD: CNNVD-201804-1312 // NVD: CVE-2014-0927

SOURCES

db:	VULHUB	id:	VHN-68420
db:	JVNDB	id:	JVNDB-2014-008596
db:	CNNVD	id:	CNNVD-201804-1312
db:	NVD	id:	CVE-2014-0927

LAST UPDATE DATE

2024-11-23T22:30:28.434000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68420	date:	2018-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2014-008596	date:	2018-06-14T00:00:00
db:	CNNVD	id:	CNNVD-201804-1312	date:	2018-04-23T00:00:00
db:	NVD	id:	CVE-2014-0927	date:	2024-11-21T02:03:03.430

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68420	date:	2018-04-20T00:00:00
db:	JVNDB	id:	JVNDB-2014-008596	date:	2018-06-14T00:00:00
db:	CNNVD	id:	CNNVD-201804-1312	date:	2018-04-23T00:00:00
db:	NVD	id:	CVE-2014-0927	date:	2018-04-20T21:29:00.393