7.5

CVE-2012-2203

EPSS 0.96%
Published 08.08.2012 10:26:18
Last modified 11.04.2025 00:51:21
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Global Security Kit Version <= 8.0.13

Ibm ≫ Global Security Kit Version7.0.4.28

Ibm ≫ Global Security Kit Version7.0.4.29

Ibm ≫ Rational Directory Server

Ibm ≫ Tivoli Directory Server

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.96%	0.744

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/51279

http://www-01.ibm.com/support/docview.wss?uid=swg21606145

Vendor Advisory

http://www.securityfocus.com/bid/54743

http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973

http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975

https://exchange.xforce.ibmcloud.com/vulnerabilities/77280

https://nvd.nist.gov/vuln/detail/CVE-2012-2203

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2203

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2203

EUVD