Flex System Manager
CVE-2014-0897
LOW
Severity by source
AV:N/AC:M/Au:S/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:S/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection mechanisms via unspecified vectors.
AnalysisAI
The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-310. The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection mechanisms via unspecified vectors. Affected products include: Ibm Flex System Manager.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Flex System Manager
View allIBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user
IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unsp
Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows rem
IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sens
Same weakness CWE-310 – Cryptographic Issues
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today