Vulnerability Details : CVE-2014-0848
The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Products affected by CVE-2014-0848
- cpe:2.3:a:ibm:netezza_performance_portal:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:netezza_performance_portal:2.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:netezza_performance_portal:2.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:netezza_performance_portal:2.0.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0848
0.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0848
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.5
|
LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
6.8
|
2.9
|
NIST |
CWE ids for CVE-2014-0848
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0848
-
http://www-01.ibm.com/support/docview.wss?uid=swg21665278
IBM Security Bulletin: The default configuration of the web server used by IBM Netezza Performance Portal uses weak SSL ciphers (CVE-2014-0848)Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90723
IBM Netezza Performance Portal weak security CVE-2014-0848 Vulnerability Report
Jump to