CVE-2012-5758 : The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authenti

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors.

Published 2012-11-23 12:09:58

Updated 2017-08-29 01:32:45

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: BypassGain privilegeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2012-5758

Probability of exploitation activity in the next 30 days: 2.35%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-5758

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2012-5758

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-5758

http://www-01.ibm.com/support/docview.wss?uid=swg1IC86908

IBM notice: The page you requested cannot be displayed
http://www-01.ibm.com/support/docview.wss?uid=swg24033740

IBM Security fixes for IBM WebSphere DataPower XC10 Appliance
Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id?1027798

IBM WebSphere DataPower XC10 Appliance Bugs Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Deny Service - SecurityTracker

CVEs referencing this url
http://www.securityfocus.com/bid/56617

IBM WebSphere DataPower XC10 Denial of Service and Security Bypass Vulnerabilities

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21615783

IBM Security Bulletin: Potential security exposures with IBM WebSphere DataPower XC10 Appliance (CVE-2012-5758, CVE-2012-5759, CVE 2012-5756)
Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/80063

IBM WebSphere Datapower XC10 administrative function access denial of service CVE-2012-5759 Vulnerability Report

Products affected by CVE-2012-5758

IBM » Websphere Datapower Xc10 Appliance » Version: 2.1.0.2
cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.1.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Datapower Xc10 Appliance » Version: 2.0.0.2
cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Datapower Xc10 Appliance » Version: 2.0.0.3
cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.0.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Datapower Xc10 Appliance » Version: 2.1.0.0
cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.1.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Datapower Xc10 Appliance » Version: 2.1.0.1
cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.1.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Datapower Xc10 Appliance » Version: 2.0.0.0
cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.0.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Datapower Xc10 Appliance » Version: 2.0.0.1
cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.0.0.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-5758

Exploit prediction scoring system (EPSS) score for CVE-2012-5758

CVSS scores for CVE-2012-5758

CWE ids for CVE-2012-5758

References for CVE-2012-5758

Products affected by CVE-2012-5758