Skip to main content

Security Access Manager For Web 7 0 Firmware CVE-2015-1892

MEDIUM
Information Exposure (CWE-200)
2015-04-01 psirt@us.ibm.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 01, 2015 - 02:00 cve.org
MEDIUM 5.0

DescriptionCVE.org

The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.

AnalysisAI

The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. Affected products include: Ibm Security Access Manager For Web 7.0 Firmware, Ibm Security Access Manager For Web 8.0 Firmware. Version information: before 7.0.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2014-4823 CRITICAL
10.0 Oct 03

The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-I

CVE-2015-5018 HIGH
8.0 Jan 02

IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before

CVE-2015-5012 HIGH
7.5 Feb 15

The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3,

CVE-2015-5010 HIGH
7.5 Feb 15

IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not h

CVE-2016-3017 HIGH
7.5 Feb 01

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security miscon

CVE-2016-5919 HIGH
7.5 Feb 16

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that coul

CVE-2014-4809 HIGH
7.1 Oct 03

The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WG

CVE-2016-3022 MEDIUM
6.5 Feb 01

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due

CVE-2016-3043 MEDIUM
5.9 Feb 01

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure

CVE-2016-3020 MEDIUM
5.5 Feb 07

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restriction

CVE-2016-3023 MEDIUM
5.3 Feb 01

IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by enter

CVE-2016-3016 MEDIUM
4.4 Feb 01

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying th

Share

CVE-2015-1892 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy