Lucene search

IbmCVE-2012-5940

HistoryFeb 20, 2013 - 12:09 p.m.

CVE-2012-5940

2013-02-2012:09:22

CWE-287

ibm

web.nvd.nist.gov

ibm netezza

webadmin

cve-2012-5940

ssl

authentication

network sniffing

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

61.2%

JSON

The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication process.

Affected configurations

Nvd

Node

ibmnetezzaMatch6.0.5

ibmnetezzaMatch6.0.8

ibmnetezzaMatch7.0

VendorProductVersionCPE
ibmnetezza6.0.5cpe:2.3:h:ibm:netezza:6.0.5:*:*:*:*:*:*:*
ibmnetezza6.0.8cpe:2.3:h:ibm:netezza:6.0.8:*:*:*:*:*:*:*
ibmnetezza7.0cpe:2.3:h:ibm:netezza:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	netezza	6.0.5	cpe:2.3:h:ibm:netezza:6.0.5:::::::*
ibm	netezza	6.0.8	cpe:2.3:h:ibm:netezza:6.0.8:::::::*
ibm	netezza	7.0	cpe:2.3:h:ibm:netezza:7.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21624568

exchange.xforce.ibmcloud.com/vulnerabilities/80535

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

61.2%

JSON

Related for CVE-2012-5940