CVE-2014-0848

The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21665278	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/90723

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:netezza_performance_portal:2.0.0.0:::::::*
	cpe:2.3:a:ibm:netezza_performance_portal:2.0.0.1:::::::*
	cpe:2.3:a:ibm:netezza_performance_portal:2.0.0.2:::::::*
	cpe:2.3:a:ibm:netezza_performance_portal:2.0.0.3:::::::*

History

No history.

Information

Published : 2014-03-26 10:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-0848

Mitre link : CVE-2014-0848

CVE.ORG link : CVE-2014-0848

JSON object : View

Products Affected

ibm

netezza_performance_portal

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2014-0848", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-03-26T10:55:05.193", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665278", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90723", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack."}, {"lang": "es", "value": "Los archivos (1) ssl.conf y (2) httpd.conf en el componente Apache HTTP Server en IBM Netezza Performance Portal 2.0 anterior a 2.0.0.4 tienen valores SSLCipherSuite d\u00e9biles, lo que facilita a atacantes remotos anular mecanismos de protecci\u00f3n criptogr\u00e1ficos a trav\u00e9s de un ataque de fuerza bruta."}], "lastModified": "2017-08-29T01:34:16.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:netezza_performance_portal:2.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83C946BB-08D5-4CA1-88ED-60397A3D6F48"}, {"criteria": "cpe:2.3:a:ibm:netezza_performance_portal:2.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FE3CE27-B412-45B8-97F7-F0EA43091CC7"}, {"criteria": "cpe:2.3:a:ibm:netezza_performance_portal:2.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15122484-0FAB-4D26-A9B7-A5ACAB9F9E0E"}, {"criteria": "cpe:2.3:a:ibm:netezza_performance_portal:2.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72051BE0-33A1-4D30-8684-DF3E31A7451C"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}