CVE-2014-3059

Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476
http://www-01.ibm.com/support/docview.wss?uid=swg21685705	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/93533

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.0:*:*:*:*:*:*:*

cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-10-02 00:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-3059

Mitre link : CVE-2014-3059

CVE.ORG link : CVE-2014-3059

JSON object : View

Products Affected

ibm

websphere_datapower_xc10_appliance
websphere_datapower_xc10_appliance_firmware

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-3059", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-02T00:55:03.593", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685705", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93533", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network."}, {"lang": "es", "value": "Vulnerabilidad no especificada en la consola de administraci\u00f3n en IBM WebSphere DataPower XC10 2.5 permite a atacantes remotos obtener privilegios de administraci\u00f3n mediante el aprovechamiento del acceso a una red de eXtreme Scale Distributed ObjectGrid."}], "lastModified": "2017-08-29T01:34:37.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC82F650-DD87-44D7-8403-DEE82934B05B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:websphere_datapower_xc10_appliance:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50016031-DAFB-420A-BC46-66C8D89681F4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}