CVE-2015-5012 - Vulnerability Details

Vendors	Products
Ibm	Security Access Manager 9.0 Firmware Security Access Manager For Web 7.0 Firmware Security Access Manager For Web 8.0 Firmware

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768
http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780
http://www-01.ibm.com/support/docview.wss?uid=swg21971422

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-11T00:00:00", "descriptions": [{"lang": "en", "value": "The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-02-15T02:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "IV78768", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768"}, {"name": "IV78780", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971422"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-5012", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IV78768", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768"}, {"name": "IV78780", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971422", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971422"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:32:31.881Z"}, "title": "CVE Program Container", "references": [{"name": "IV78768", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768"}, {"name": "IV78780", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971422"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-5012", "datePublished": "2016-02-15T02:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:31.881Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-02-11T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-02-15T02:57:01 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

name : IV78768 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 (string)

}

1 : { »

name : IV78780 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21971422 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

ID : CVE-2015-5012 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : IV78768 (string)

refsource : AIXAPAR (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 (string)

}

1 : { »

name : IV78780 (string)

refsource : AIXAPAR (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 (string)

}

2 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21971422 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21971422 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T06:32:31.881Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : IV78768 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

2 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 (string)

}

1 : { »

name : IV78780 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

2 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21971422 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2015-5012 (string)

datePublished : 2016-02-15T02:00:00 (string)

dateReserved : 2015-06-24T00:00:00 (string)

dateUpdated : 2024-08-06T06:32:31.881Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B5B6BD9-C0DF-4359-A6C1-F66E24912800", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "22433CE0-9772-48CE-8069-612FF3732C21", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2569AA28-5C61-4BBD-A501-E1ACFA36837B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3AB188A2-D7CE-4141-A55A-C074C84E366E", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DE776097-1DA4-4F27-8E96-61E3D9FFE8D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "FE4E5283-0FEE-4F37-9C41-FA695063FF79", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "73EB6121-62CD-49FC-A1D2-5467B007253C", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "A91ADDFE-9362-4D7E-B623-D662D81382E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C8E0F31E-EB32-4442-91BE-95A9625F308F", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "701D729E-A817-4525-ADD9-EC810326B9E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "E5883F2E-83F4-4630-813B-21E533BA2CB7", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "A1FB9953-91A1-47BB-B6BF-088FA75BEBCA", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "CD7B0192-465A-48EF-8B51-FC6BC6EC464A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "3E40F5AD-E090-4D0B-A580-D794F60215DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "EC5BD4D1-DD9B-4845-AF17-9B813C748D1A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7E463425-45EA-4A7B-B034-694DBB944A51", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "3135C99C-2BFD-42B5-8AF0-EC8420C91B3B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B0D27CF-70BF-4C72-A963-310272D8EBF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "97E19969-DD73-42F2-9E91-504E1663B268", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F9CC2E05-5179-4241-A710-E582510EEB0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D331E67E-25D3-4C34-8118-49E2A8B29D96", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73E4F0CD-26DF-4975-8F40-ECB8E03A08C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FFE6F2A0-BD38-4853-A8FB-299A341FA0B6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."}, {"lang": "es", "value": "La implementaci\u00f3n de SSH en IBM Security Access Manager for Web appliances 7.0 en versiones anteriores a 7.0.0 FP19, 8.0 en versiones anteriores a 8.0.1.3 IF3 y 9.0 en versiones anteriores a 9.0.0.0 IF1 no restringe adecuadamente el conjunto de algoritmos MAC, lo que facilita a atacantes remotos vencer los mecanismos de protecci\u00f3n criptogr\u00e1fica a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-5012", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-15T02:59:06.577", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971422"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971422"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B5B6BD9-C0DF-4359-A6C1-F66E24912800 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 22433CE0-9772-48CE-8069-612FF3732C21 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 2569AA28-5C61-4BBD-A501-E1ACFA36837B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 3AB188A2-D7CE-4141-A55A-C074C84E366E (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : DE776097-1DA4-4F27-8E96-61E3D9FFE8D0 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:* (string)

matchCriteriaId : FE4E5283-0FEE-4F37-9C41-FA695063FF79 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 73EB6121-62CD-49FC-A1D2-5467B007253C (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.9:*:*:*:*:*:*:* (string)

matchCriteriaId : A91ADDFE-9362-4D7E-B623-D662D81382E8 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.10:*:*:*:*:*:*:* (string)

matchCriteriaId : C8E0F31E-EB32-4442-91BE-95A9625F308F (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.11:*:*:*:*:*:*:* (string)

matchCriteriaId : 701D729E-A817-4525-ADD9-EC810326B9E2 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.12:*:*:*:*:*:*:* (string)

matchCriteriaId : E5883F2E-83F4-4630-813B-21E533BA2CB7 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.13:*:*:*:*:*:*:* (string)

matchCriteriaId : A1FB9953-91A1-47BB-B6BF-088FA75BEBCA (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.14:*:*:*:*:*:*:* (string)

matchCriteriaId : CD7B0192-465A-48EF-8B51-FC6BC6EC464A (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.15:*:*:*:*:*:*:* (string)

matchCriteriaId : 3E40F5AD-E090-4D0B-A580-D794F60215DB (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.16:*:*:*:*:*:*:* (string)

matchCriteriaId : EC5BD4D1-DD9B-4845-AF17-9B813C748D1A (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.17:*:*:*:*:*:*:* (string)

matchCriteriaId : 7E463425-45EA-4A7B-B034-694DBB944A51 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.18:*:*:*:*:*:*:* (string)

matchCriteriaId : 3135C99C-2BFD-42B5-8AF0-EC8420C91B3B (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 4B0D27CF-70BF-4C72-A963-310272D8EBF7 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 97E19969-DD73-42F2-9E91-504E1663B268 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : F9CC2E05-5179-4241-A710-E582510EEB0D (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : D331E67E-25D3-4C34-8118-49E2A8B29D96 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 73E4F0CD-26DF-4975-8F40-ECB8E03A08C2 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : FFE6F2A0-BD38-4853-A8FB-299A341FA0B6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. (string)

}

1 : { »

lang : es (string)

value : La implementación de SSH en IBM Security Access Manager for Web appliances 7.0 en versiones anteriores a 7.0.0 FP19, 8.0 en versiones anteriores a 8.0.1.3 IF3 y 9.0 en versiones anteriores a 9.0.0.0 IF1 no restringe adecuadamente el conjunto de algoritmos MAC, lo que facilita a atacantes remotos vencer los mecanismos de protección criptográfica a través de vectores no especificados. (string)

}

]

id : CVE-2015-5012 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : true (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-02-15T02:59:06.577 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 (string)

}

2 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21971422 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21971422 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-310 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object