CVE-2014-0897

The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection mechanisms via unspecified vectors.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IT03824
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/91395

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:flex_system_manager:1.2.0:::::::*
	cpe:2.3:a:ibm:flex_system_manager:1.2.1:::::::*
	cpe:2.3:a:ibm:flex_system_manager:1.3.0:::::::*
	cpe:2.3:a:ibm:flex_system_manager:1.3.1:::::::*

History

No history.

Information

Published : 2014-08-29 09:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-0897

Mitre link : CVE-2014-0897

CVE.ORG link : CVE-2014-0897

JSON object : View

Products Affected

ibm

flex_system_manager

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2014-0897", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-29T09:55:07.667", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03824", "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91395", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection mechanisms via unspecified vectors."}, {"lang": "es", "value": "El componente Configuration Patterns en IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, y 1.3.1.x utiliza un algoritmo d\u00e9bil en un paso de la codificaci\u00f3n durante la creaci\u00f3n de una cuenta Chassis Management Module (CMM), lo que facilita a usuarios remotos autenticados vencer los mecanismos de protecci\u00f3n criptogr\u00e1ficos a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-08-29T01:34:19.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:flex_system_manager:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD65C3DA-831B-4FF7-BA3D-0DCCDC648941"}, {"criteria": "cpe:2.3:a:ibm:flex_system_manager:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4591623A-C3CE-4768-9FB6-C01ACA327439"}, {"criteria": "cpe:2.3:a:ibm:flex_system_manager:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88037903-4C41-4298-8FA7-0094F9227A3C"}, {"criteria": "cpe:2.3:a:ibm:flex_system_manager:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E60012C9-7E1A-4C91-B61D-D09D1F5F930B"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}