Vulnerability Description
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Global Security Kit | <= 8.0.13 |
| Ibm | Rational Directory Server | All versions |
| Ibm | Tivoli Directory Server | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/51279
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975
- http://www-01.ibm.com/support/docview.wss?uid=swg21606145Vendor Advisory
- http://www.securityfocus.com/bid/54743
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77280
- http://secunia.com/advisories/51279
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975
- http://www-01.ibm.com/support/docview.wss?uid=swg21606145Vendor Advisory
- http://www.securityfocus.com/bid/54743
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77280
FAQ
What is CVE-2012-2203?
CVE-2012-2203 is a vulnerability with a CVSS score of 7.5 (HIGH). IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects w...
How severe is CVE-2012-2203?
CVE-2012-2203 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2203?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Global Security Kit, Ibm Rational Directory Server, Ibm Tivoli Directory Server.