CVE-2012-2191

EPSS 3.22%
Published 08.08.2012 10:26:18
Last modified 11.04.2025 00:51:21
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Global Security Kit Version <= 8.0.13

Ibm ≫ Global Security Kit Version7.0.4.28

Ibm ≫ Global Security Kit Version7.0.4.29

Ibm ≫ Rational Directory Server

Ibm ≫ Tivoli Directory Server

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.22%	0.859

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/51279

http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980

http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981

http://www-01.ibm.com/support/docview.wss?uid=swg21606145

Patch

Vendor Advisory

http://www.securityfocus.com/bid/54743

https://exchange.xforce.ibmcloud.com/vulnerabilities/75996

https://nvd.nist.gov/vuln/detail/CVE-2012-2191

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2191

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2191

EUVD