Details of VAR-201807-0205

ID

VAR-201807-0205

CVE

CVE-2017-1575

TITLE

IBM Sterling B2B Integrator Standard Edition Vulnerabilities in the use of cryptographic algorithms

Trust: 0.8

sources: JVNDB: JVNDB-2018-008163

DESCRIPTION

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032. Vendors have confirmed this vulnerability IBM X-Force ID: 132032 It is released as.Information may be obtained. An attacker can exploit these issues to gain access to sensitive information. Information obtained may aid in other attacks. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. The vulnerability is caused by the program using a weak cryptographic algorithm

Trust: 1.98

sources: NVD: CVE-2017-1575 // JVNDB: JVNDB-2018-008163 // BID: 104885 // VULHUB: VHN-106603

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling file gateway	scope:	lte	version:	2.2.6	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	gte	version:	2.2.0	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.0 to 2.2.6	Trust: 0.8
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.6	Trust: 0.3
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.5	Trust: 0.3
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2	Trust: 0.3

sources: BID: 104885 // JVNDB: JVNDB-2018-008163 // NVD: CVE-2017-1575

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-1575
value:	MEDIUM
Trust: 1.0
psirt@us.ibm.com:	CVE-2017-1575
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-1575
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201807-1697
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-106603
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-1575
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-106603
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-1575
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8
psirt@us.ibm.com:	CVE-2017-1575
baseSeverity:	MEDIUM
baseScore:	5.1
vectorString:	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.4
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-106603 // JVNDB: JVNDB-2018-008163 // CNNVD: CNNVD-201807-1697 // NVD: CVE-2017-1575 // NVD: CVE-2017-1575

PROBLEMTYPE DATA

problemtype:

CWE-327

Trust: 1.9

sources: VULHUB: VHN-106603 // JVNDB: JVNDB-2018-008163 // NVD: CVE-2017-1575

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-1697

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201807-1697

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008163

PATCH

title:	0716997	url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10716997	Trust: 0.8
title:	ibm-sterling-cve20171575-info-disc (132032)	url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/132032	Trust: 0.8
title:	IBM Sterling File Gateway Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82538	Trust: 0.6

sources: JVNDB: JVNDB-2018-008163 // CNNVD: CNNVD-201807-1697

EXTERNAL IDS

db:	NVD	id:	CVE-2017-1575	Trust: 2.8
db:	BID	id:	104885	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-008163	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-1697	Trust: 0.7
db:	VULHUB	id:	VHN-106603	Trust: 0.1

sources: VULHUB: VHN-106603 // BID: 104885 // JVNDB: JVNDB-2018-008163 // CNNVD: CNNVD-201807-1697 // NVD: CVE-2017-1575

REFERENCES

url:	http://www.securityfocus.com/bid/104885	Trust: 1.7
url:	http://www.ibm.com/support/docview.wss?uid=ibm10716997	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/132032	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1575	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1575	Trust: 0.8
url:	http://www.ibm.com/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ibm10716997	Trust: 0.3

sources: VULHUB: VHN-106603 // BID: 104885 // JVNDB: JVNDB-2018-008163 // CNNVD: CNNVD-201807-1697 // NVD: CVE-2017-1575

CREDITS

IBM

Trust: 0.3

sources: BID: 104885

SOURCES

db:	VULHUB	id:	VHN-106603
db:	BID	id:	104885
db:	JVNDB	id:	JVNDB-2018-008163
db:	CNNVD	id:	CNNVD-201807-1697
db:	NVD	id:	CVE-2017-1575

LAST UPDATE DATE

2024-11-23T22:34:14.908000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-106603	date:	2019-10-09T00:00:00
db:	BID	id:	104885	date:	2018-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-008163	date:	2018-10-10T00:00:00
db:	CNNVD	id:	CNNVD-201807-1697	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-1575	date:	2024-11-21T03:22:06.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-106603	date:	2018-07-20T00:00:00
db:	BID	id:	104885	date:	2018-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-008163	date:	2018-10-10T00:00:00
db:	CNNVD	id:	CNNVD-201807-1697	date:	2018-07-23T00:00:00
db:	NVD	id:	CVE-2017-1575	date:	2018-07-20T16:29:00.307