Sign-up

ID

VAR-201804-0461


CVE

CVE-2017-1473


TITLE

IBM Security Access Manager Appliance Vulnerabilities related to cryptographic strength

Trust: 0.8

sources: JVNDB: JVNDB-2018-004342

DESCRIPTION

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605. Vendors have confirmed this vulnerability IBM X-Force ID: 128605 It is released as.Information may be obtained. The program enables access management control through integrated devices for web, mobile and cloud computing. An attacker could exploit this vulnerability to decrypt sensitive information

Trust: 1.71

sources: NVD: CVE-2017-1473 // JVNDB: JVNDB-2018-004342 // VULHUB: VHN-105481

AFFECTED PRODUCTS

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.4

Trust: 1.6

vendor:ibmmodel:security access managerscope:eqversion:9.0.0.1

Trust: 1.6

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.5

Trust: 1.6

vendor:ibmmodel:security access managerscope:eqversion:9.0.3

Trust: 1.6

vendor:ibmmodel:security access managerscope:eqversion:9.0.0

Trust: 1.6

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.6

Trust: 1.6

vendor:ibmmodel:security access managerscope:eqversion:9.0.1.0

Trust: 1.6

vendor:ibmmodel:security access managerscope:eqversion:9.0.2.1

Trust: 1.6

vendor:ibmmodel:security access managerscope:eqversion:9.0.2.0

Trust: 1.6

vendor:ibmmodel:security access managerscope:eqversion:9.0.3.1

Trust: 1.6

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.2

Trust: 1.0

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.5

Trust: 1.0

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.3

Trust: 1.0

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0

Trust: 1.0

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.3

Trust: 1.0

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.2

Trust: 1.0

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.5

Trust: 1.0

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.4

Trust: 1.0

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1

Trust: 1.0

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.1

Trust: 1.0

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.2

Trust: 1.0

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.4

Trust: 1.0

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.3

Trust: 1.0

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.2

Trust: 1.0

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0

Trust: 1.0

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.3

Trust: 1.0

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.6

Trust: 1.0

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.5

Trust: 1.0

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1

Trust: 1.0

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.4

Trust: 1.0

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.1

Trust: 1.0

vendor:ibmmodel:security access manager for mobile softwarescope:eqversion:8.0.0 to 8.0.1.6

Trust: 0.8

vendor:ibmmodel:security access manager for web softwarescope:eqversion:8.0.0 to 8.0.1.6

Trust: 0.8

vendor:ibmmodel:security access manager softwarescope:eqversion:9.0.0 to 9.0.3.1

Trust: 0.8

sources: JVNDB: JVNDB-2018-004342 // CNNVD: CNNVD-201804-1353 // NVD: CVE-2017-1473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-1473
value: HIGH

Trust: 1.0

NVD: CVE-2017-1473
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-1353
value: MEDIUM

Trust: 0.6

VULHUB: VHN-105481
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-1473
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-105481
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-1473
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-105481 // JVNDB: JVNDB-2018-004342 // CNNVD: CNNVD-201804-1353 // NVD: CVE-2017-1473

PROBLEMTYPE DATA

problemtype:CWE-326

Trust: 1.9

sources: VULHUB: VHN-105481 // JVNDB: JVNDB-2018-004342 // NVD: CVE-2017-1473

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1353

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-1353

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004342

PATCH
title:2012268url:http://www-01.ibm.com/support/docview.wss?uid=swg22012268
Trust: 0.8
title:ibm-sam-cve20171473-info-disc (128605)url:https://exchange.xforce.ibmcloud.com/vulnerabilities/128605
Trust: 0.8
title:IBM Security Access Manager Appliance Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79639
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-004342 // 
            
            
            
            CNNVD: CNNVD-201804-1353

EXTERNAL IDS
db:NVDid:CVE-2017-1473
Trust: 2.5
db:JVNDBid:JVNDB-2018-004342
Trust: 0.8
db:CNNVDid:CNNVD-201804-1353
Trust: 0.7
db:VULHUBid:VHN-105481
Trust: 0.1
sources:
            
            
            VULHUB: VHN-105481 // 
            
            
            
            JVNDB: JVNDB-2018-004342 // 
            
            
            
            CNNVD: CNNVD-201804-1353 // 
            
            
            
            NVD: CVE-2017-1473

REFERENCES
url:http://www.ibm.com/support/docview.wss?uid=swg22012268
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/128605
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1473
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-1473
Trust: 0.8
sources:
            
            
            VULHUB: VHN-105481 // 
            
            
            
            JVNDB: JVNDB-2018-004342 // 
            
            
            
            CNNVD: CNNVD-201804-1353 // 
            
            
            
            NVD: CVE-2017-1473

SOURCES
db:VULHUBid:VHN-105481
db:JVNDBid:JVNDB-2018-004342
db:CNNVDid:CNNVD-201804-1353
db:NVDid:CVE-2017-1473

LAST UPDATE DATE
2024-11-23T23:08:45.380000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-105481date:2018-05-23T00:00:00
db:JVNDBid:JVNDB-2018-004342date:2018-06-18T00:00:00
db:CNNVDid:CNNVD-201804-1353date:2018-04-24T00:00:00
db:NVDid:CVE-2017-1473date:2024-11-21T03:21:55.597

SOURCES RELEASE DATE
db:VULHUBid:VHN-105481date:2018-04-23T00:00:00
db:JVNDBid:JVNDB-2018-004342date:2018-06-18T00:00:00
db:CNNVDid:CNNVD-201804-1353date:2018-04-24T00:00:00
db:NVDid:CVE-2017-1473date:2018-04-23T13:29:00.247