Vulnerability Details : CVE-2012-5756
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation.
Products affected by CVE-2012-5756
- cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:2.0.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5756
- 0.36%: Probability of exploitation activity in the next 30 days
- ~69%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-5756
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2012-5756
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5756
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM68926
  IBM notice: The page you requested cannot be displayed (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79921
  IBM WebSphere DataPower XC10 Appliance spoofing CVE-2012-5756 Vulnerability Report
- http://www-01.ibm.com/support/docview.wss?uid=swg24033740
  IBM Security fixes for IBM WebSphere DataPower XC10 Appliance
- http://www.securitytracker.com/id?1027798
  IBM WebSphere DataPower XC10 Appliance Bugs Let Remote Authenticated Users Gain Elevated Privileges and Remote Users Deny Service - SecurityTracker
- http://www.securityfocus.com/bid/56617
  IBM WebSphere DataPower XC10 Denial of Service and Security Bypass Vulnerabilities
- http://www-01.ibm.com/support/docview.wss?uid=swg21615783
  IBM Security Bulletin: Potential security exposures with IBM WebSphere DataPower XC10 Appliance (CVE-2012-5758, CVE-2012-5759, CVE 2012-5756) (Vendor Advisory)