Vulnerability Description
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Access Manager For Web 8.0 Firmware | 8.0.0.2 |
| Ibm | Security Access Manager For Web Appliance | 8.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
- http://www-01.ibm.com/support/docview.wss?uid=swg21676705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93454
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
- http://www-01.ibm.com/support/docview.wss?uid=swg21676705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93454
FAQ
What is CVE-2014-3052?
CVE-2014-3052 is a vulnerability with a CVSS score of 3.3 (LOW). The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which...
How severe is CVE-2014-3052?
CVE-2014-3052 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3052?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Access Manager For Web 8.0 Firmware, Ibm Security Access Manager For Web Appliance.