Vulnerability Details : CVE-2014-3052
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.
Products affected by CVE-2014-3052
- cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3052
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 21 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3052
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.3
|
LOW | AV:A/AC:L/Au:N/C:P/I:N/A:N |
6.5
|
2.9
|
NIST |
CWE ids for CVE-2014-3052
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3052
-
http://www-01.ibm.com/support/docview.wss?uid=swg21676705
IBM Security Bulletin: IBM Security Access Manager for Web - NIST setting (CVE-2014-3052)
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/93454
IBM Security Access Manager for Web weak security CVE-2014-3052 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
IBM notice: The page you requested cannot be displayed
Jump to