4.3
CVE-2012-5756
- EPSS 1.35%
- Veröffentlicht 23.11.2012 12:09:55
- Zuletzt bearbeitet 16.06.2026 23:47:17
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Websphere Datapower Xc10 Appliance Version2.0.0.0
Ibm ≫ Websphere Datapower Xc10 Appliance Version2.0.0.1
Ibm ≫ Websphere Datapower Xc10 Appliance Version2.0.0.2
Ibm ≫ Websphere Datapower Xc10 Appliance Version2.0.0.3
Ibm ≫ Websphere Datapower Xc10 Appliance Version2.1.0.0
Ibm ≫ Websphere Datapower Xc10 Appliance Version2.1.0.1
Ibm ≫ Websphere Datapower Xc10 Appliance Version2.1.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.35% | 0.678 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://secunia.com/advisories/51319
http://www-01.ibm.com/support/docview.wss?uid=swg1PM68926
http://www-01.ibm.com/support/docview.wss?uid=swg21615783
http://www-01.ibm.com/support/docview.wss?uid=swg24033740
http://www.securityfocus.com/bid/56617
http://www.securitytracker.com/id?1027798
https://exchange.xforce.ibmcloud.com/vulnerabilities/79921