Vulnerability-Lookup - Search a vulnerability

CVE-2017-1534 (GCVE-0-2017-1534)

Vulnerability from cvelistv5

Published

2018-01-10 17:00

Modified

2024-09-17 00:05

Severity ?

CWE

Gain Access

Summary

IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/130676	x_refsource_MISC
	http://www.ibm.com/support/docview.wss?uid=swg22008936	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040169	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/102509	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	Security Access Manager	Version: 9.0.0.1 Version: 8.0.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 9.0.0 Version: 9.0.1.0 Version: 9.0.2.0 Version: 8.0.1.5 Version: 9.0.2.1 Version: 9.0.3 Version: 8.0.1.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
          },
          {
            "name": "1040169",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040169"
          },
          {
            "name": "102509",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102509"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Security Access Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.0.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.0.2"
            },
            {
              "status": "affected",
              "version": "8.0.0.3"
            },
            {
              "status": "affected",
              "version": "8.0.0.4"
            },
            {
              "status": "affected",
              "version": "8.0.0.5"
            },
            {
              "status": "affected",
              "version": "8.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.1.2"
            },
            {
              "status": "affected",
              "version": "8.0.1.3"
            },
            {
              "status": "affected",
              "version": "8.0.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.0"
            },
            {
              "status": "affected",
              "version": "9.0.1.0"
            },
            {
              "status": "affected",
              "version": "9.0.2.0"
            },
            {
              "status": "affected",
              "version": "8.0.1.5"
            },
            {
              "status": "affected",
              "version": "9.0.2.1"
            },
            {
              "status": "affected",
              "version": "9.0.3"
            },
            {
              "status": "affected",
              "version": "8.0.1.6"
            }
          ]
        }
      ],
      "datePublic": "2018-01-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-16T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
        },
        {
          "name": "1040169",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040169"
        },
        {
          "name": "102509",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102509"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-01-05T00:00:00",
          "ID": "CVE-2017-1534",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Security Access Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0.0.1"
                          },
                          {
                            "version_value": "8.0.0"
                          },
                          {
                            "version_value": "8.0.0.1"
                          },
                          {
                            "version_value": "8.0.0.2"
                          },
                          {
                            "version_value": "8.0.0.3"
                          },
                          {
                            "version_value": "8.0.0.4"
                          },
                          {
                            "version_value": "8.0.0.5"
                          },
                          {
                            "version_value": "8.0.1"
                          },
                          {
                            "version_value": "8.0.1.2"
                          },
                          {
                            "version_value": "8.0.1.3"
                          },
                          {
                            "version_value": "8.0.1.4"
                          },
                          {
                            "version_value": "9.0.0"
                          },
                          {
                            "version_value": "9.0.1.0"
                          },
                          {
                            "version_value": "9.0.2.0"
                          },
                          {
                            "version_value": "8.0.1.5"
                          },
                          {
                            "version_value": "9.0.2.1"
                          },
                          {
                            "version_value": "9.0.3"
                          },
                          {
                            "version_value": "8.0.1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22008936",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
            },
            {
              "name": "1040169",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040169"
            },
            {
              "name": "102509",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102509"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1534",
    "datePublished": "2018-01-10T17:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T00:05:31.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1473 (GCVE-0-2017-1473)

Vulnerability from cvelistv5

Published

2018-04-23 13:00

Modified

2024-09-16 22:35

Severity ?

CWE

Obtain Information

Summary

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.

References

►

URL

	Vendor	Product	Version
	IBM	Security Access Manager	Version: 9.0.0.1 Version: 8.0.0 Version: 8.0.0.1 Version: 8.0.0.2 Version: 8.0.0.3 Version: 8.0.0.4 Version: 8.0.0.5 Version: 8.0.1 Version: 8.0.1.2 Version: 8.0.1.3 Version: 8.0.1.4 Version: 9.0.0 Version: 9.0.1.0 Version: 9.0.2.0 Version: 8.0.1.5 Version: 9.0.2.1 Version: 9.0.3 Version: 9.0.3.1 Version: 8.0.1.6

Vulnerability from fkie_nvd

Published

2018-01-10 17:29

Modified

2024-11-21 03:22

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22008936	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/102509	Third Party Advisory, VDB Entry
psirt@us.ibm.com	http://www.securitytracker.com/id/1040169	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/130676	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22008936	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102509	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040169	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/130676	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	security_access_manager_for_web_firmware	8.0.0
ibm	security_access_manager_for_web_firmware	8.0.0.1
ibm	security_access_manager_for_web_firmware	8.0.0.2
ibm	security_access_manager_for_web_firmware	8.0.0.3
ibm	security_access_manager_for_web_firmware	8.0.0.4
ibm	security_access_manager_for_web_firmware	8.0.0.5
ibm	security_access_manager_for_web_firmware	8.0.1
ibm	security_access_manager_for_web_firmware	8.0.1.2
ibm	security_access_manager_for_web_firmware	8.0.1.3
ibm	security_access_manager_for_web_firmware	8.0.1.4
ibm	security_access_manager_for_web_firmware	8.0.1.5
ibm	security_access_manager_for_web_firmware	8.0.1.6
ibm	security_access_manager_for_web_appliance	-
ibm	security_access_manager_for_mobile	8.0.0
ibm	security_access_manager_for_mobile	8.0.0.1
ibm	security_access_manager_for_mobile	8.0.0.2
ibm	security_access_manager_for_mobile	8.0.0.3
ibm	security_access_manager_for_mobile	8.0.0.4
ibm	security_access_manager_for_mobile	8.0.0.5
ibm	security_access_manager_for_mobile	8.0.1
ibm	security_access_manager_for_mobile	8.0.1.2
ibm	security_access_manager_for_mobile	8.0.1.3
ibm	security_access_manager_for_mobile	8.0.1.4
ibm	security_access_manager_for_mobile	8.0.1.5
ibm	security_access_manager_for_mobile	8.0.1.6
ibm	security_access_manager_for_mobile_appliance	-
ibm	security_access_manager_firmware	9.0.0
ibm	security_access_manager_firmware	9.0.0.1
ibm	security_access_manager_firmware	9.0.1.0
ibm	security_access_manager_firmware	9.0.2.0
ibm	security_access_manager_firmware	9.0.2.1
ibm	security_access_manager_firmware	9.0.3
ibm	security_access_manager_appliance	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB40FA5B-56C0-4F30-B1FF-4AE319342216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3B5235B-7CB8-4BED-A621-A07E41DBC9C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E742D56D-85BB-4389-9852-8071437D4482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D66204-3C44-4CA6-996B-AD3BFD3370DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE0F597-8CD6-4E07-9F06-6F8471586D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "585E5EC5-4614-47BD-8526-4E74B9F7FC3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B63033A8-07D0-49C0-9C52-004D0A531ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E4F115-166B-455C-A9F9-C41F2C1E7F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCC4761-86E0-44C8-A267-BB346CFFC1FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "502A2DA1-6D96-4FF5-9879-A2872485CBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB020561-2D4E-4F20-99B0-E8E12E014284",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A346626B-8FD3-46E5-A233-9B7481F5CB01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266A82C7-1172-417D-A7CA-0CA7C393347E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1C0454A-1A09-4EED-8A94-F07F44B7A098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B93CED0-E8FA-4238-8963-46074D11A334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "907BB0CF-D270-4493-8D61-9841E6C5FE45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0801BD2-D95B-4703-9804-A555F9E7BA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "525EF7EC-712E-4C84-A15C-B2A30BD11A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EE90667-0C16-4E4B-98DC-A6AD7A073D64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA8844A0-17D5-4EE9-85C4-518DACE7C9D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0D646B2-7308-43A0-AE76-873946FB024E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B1988E5-DFE6-4282-B9D3-6655297B481B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BEF4063-73D7-416D-AD21-CDC1C0534677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8DFC0D0-2326-40CA-B4CC-65194566DA98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A180463-EDE0-47DB-A031-979E73AA2A33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB9795ED-23D5-4792-A8E8-3014E48DC67F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CEF9594-C2A9-4D2C-9D55-DBFDD5E5EC7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "84C682FD-1176-4D21-AB41-6F3FDB6E5428",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D58EA8-CB22-47AD-965E-35C46F2369AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A42F3AC0-9DA3-4DEE-ADB7-0ED69FC77B6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "956D8D10-495A-4DF1-B014-87E7E2F57748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "282521FB-EA6A-4BAA-8BBE-9A0D66AA2186",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC9E6E2-005E-4EC3-87A0-AF1A7E7B3F6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676."
    },
    {
      "lang": "es",
      "value": "IBM Security Access Manager Appliance en sus versiones 8.0.0 y 9.0.0 podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 130676."
    }
  ],
  "id": "CVE-2017-1534",
  "lastModified": "2024-11-21T03:22:02.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-10T17:29:01.110",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102509"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040169"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-04-23 13:29

Modified

2024-11-21 03:21

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22012268	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/128605	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22012268	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/128605	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	security_access_manager_for_web_firmware	8.0.0
ibm	security_access_manager_for_web_firmware	8.0.0.1
ibm	security_access_manager_for_web_firmware	8.0.0.2
ibm	security_access_manager_for_web_firmware	8.0.0.3
ibm	security_access_manager_for_web_firmware	8.0.0.4
ibm	security_access_manager_for_web_firmware	8.0.0.5
ibm	security_access_manager_for_web_firmware	8.0.1
ibm	security_access_manager_for_web_firmware	8.0.1.2
ibm	security_access_manager_for_web_firmware	8.0.1.3
ibm	security_access_manager_for_web_firmware	8.0.1.4
ibm	security_access_manager_for_web_firmware	8.0.1.5
ibm	security_access_manager_for_web_firmware	8.0.1.6
ibm	security_access_manager_for_web_appliance	-
ibm	security_access_manager_for_mobile	8.0.0
ibm	security_access_manager_for_mobile	8.0.0.1
ibm	security_access_manager_for_mobile	8.0.0.2
ibm	security_access_manager_for_mobile	8.0.0.3
ibm	security_access_manager_for_mobile	8.0.0.4
ibm	security_access_manager_for_mobile	8.0.0.5
ibm	security_access_manager_for_mobile	8.0.1
ibm	security_access_manager_for_mobile	8.0.1.2
ibm	security_access_manager_for_mobile	8.0.1.3
ibm	security_access_manager_for_mobile	8.0.1.4
ibm	security_access_manager_for_mobile	8.0.1.5
ibm	security_access_manager_for_mobile	8.0.1.6
ibm	security_access_manager_for_mobile_appliance	-
ibm	security_access_manager_firmware	9.0.0
ibm	security_access_manager_firmware	9.0.0.1
ibm	security_access_manager_firmware	9.0.1.0
ibm	security_access_manager_firmware	9.0.2.0
ibm	security_access_manager_firmware	9.0.2.1
ibm	security_access_manager_firmware	9.0.3
ibm	security_access_manager_firmware	9.0.3.1
ibm	security_access_manager_appliance	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB40FA5B-56C0-4F30-B1FF-4AE319342216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3B5235B-7CB8-4BED-A621-A07E41DBC9C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E742D56D-85BB-4389-9852-8071437D4482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D66204-3C44-4CA6-996B-AD3BFD3370DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE0F597-8CD6-4E07-9F06-6F8471586D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "585E5EC5-4614-47BD-8526-4E74B9F7FC3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B63033A8-07D0-49C0-9C52-004D0A531ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E4F115-166B-455C-A9F9-C41F2C1E7F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCC4761-86E0-44C8-A267-BB346CFFC1FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "502A2DA1-6D96-4FF5-9879-A2872485CBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB020561-2D4E-4F20-99B0-E8E12E014284",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A346626B-8FD3-46E5-A233-9B7481F5CB01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266A82C7-1172-417D-A7CA-0CA7C393347E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3848FA8-8B62-42D4-BB98-D3CB19F0FDDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11C93808-34DD-4728-860C-8DE54F6D127F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F763BDC-4AF6-4A73-836A-D49724BA2BD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8CCBD9-0284-4FC9-97AA-026692065431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B78F5BA3-A644-40A2-8254-BBB976486359",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC7C0967-F5DC-43BA-AB23-F74F6CF5D934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A47C7F1-18B0-486D-898E-14E2EE5596DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C6C6169-E124-486A-BD13-E4CFCAC5CFFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C6D6A0-52F4-49F7-AF57-C32BCF7E9A60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2310A59-7BA2-450F-95E7-E90B9FB90B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE8219A4-7426-4585-B54D-B1A46229DD62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF31C09C-F6BD-4283-A183-F0EE896733C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB9795ED-23D5-4792-A8E8-3014E48DC67F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CEF9594-C2A9-4D2C-9D55-DBFDD5E5EC7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "84C682FD-1176-4D21-AB41-6F3FDB6E5428",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D58EA8-CB22-47AD-965E-35C46F2369AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A42F3AC0-9DA3-4DEE-ADB7-0ED69FC77B6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "956D8D10-495A-4DF1-B014-87E7E2F57748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "282521FB-EA6A-4BAA-8BBE-9A0D66AA2186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8ADF36-1217-474C-BB54-F5658F63EA87",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC9E6E2-005E-4EC3-87A0-AF1A7E7B3F6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605."
    },
    {
      "lang": "es",
      "value": "IBM Security Access Manager Appliance 8.0.0 hasta 8.0.1.6 y 9.0.0 hasta la 9.0.3.1 emplea algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir que un atacante descifre informaci\u00f3n altamente sensible. IBM X-Force ID: 128605."
    }
  ],
  "id": "CVE-2017-1473",
  "lastModified": "2024-11-21T03:21:55.597",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-23T13:29:00.247",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012268"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerabilites related to ibm - security_access_manager_firmware

CVE-2017-1534 (GCVE-0-2017-1534)

Vulnerability from cvelistv5

CVE-2017-1473 (GCVE-0-2017-1473)

Vulnerability from cvelistv5

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd