- Description
- IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak algorithm in an SSL cipher suite.
- Source
- psirt@us.ibm.com
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-310
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4133E7B3-02B3-44C8-BBD7-234E06C3EC70"
},
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A4AD958-FDB2-4F63-AD4F-C88B33BFA692"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF1B0C02-D5D9-4F10-9120-C76D39D5C323"
}
],
"operator": "OR"
}
]
}
]