Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2012-5756
Last Modified 29 May 2013 11:19:30
Published 23 Nov 2012 07:09:55
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5756

Summary

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation.

Vulnerable Systems


References

XF - websphere-datapower-app-spoofing(79921)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg24033740

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21615783

AIXAPAR - PM68926

SECTRACK - 1027798

BID - 56617

SECUNIA - 51319


Last Updated: 27 May 2016 10:58:29