Vulnerability Description
The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection mechanisms via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Flex System Manager | 1.2.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT03824
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91395
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT03824
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91395
FAQ
What is CVE-2014-0897?
CVE-2014-0897 is a vulnerability with a CVSS score of 3.5 (LOW). The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account ...
How severe is CVE-2014-0897?
CVE-2014-0897 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0897?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Flex System Manager.