Vulnerability Details CVE-2015-5012
The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780
- http://www-01.ibm.com/support/docview.wss?uid=swg21971422
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780
- http://www-01.ibm.com/support/docview.wss?uid=swg21971422
Products affected by CVE-2015-5012
-
cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.10
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.11
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.12
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.13
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.14
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.15
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.16
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.17
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.18
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.9
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2