Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9674B8225BA4AFAE83AC40609008061D5E25019C9343816C0E3300F818608C4C
HistoryJun 16, 2018 - 9:23 p.m.

Security Bulletin: Multiple vulnerabilities affect IBM Security SiteProtector Appliance (CVE-2013-2566, CVE-2014-6321, CVE-2015-0162)

2018-06-1621:23:20
www.ibm.com
12

EPSS

0.967

Percentile

99.7%

JSON

Summary

There are multiple vulnerabilities identified in IBM Security SiteProtector Appliance.

Vulnerability Details

CVEID: CVE-2013-2566 **
DESCRIPTION:** The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information, caused by the inclusion of multiple single-byte biases. An attacker could exploit this vulnerability using statistical analysis of ciphertext in a large number of sessions that use the same plaintext to conduct plaintext-recovery attacks and obtain sensitive information.

CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82884 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-6321 **
DESCRIPTION:** Microsoft Secure Channel could allow a remote attacker to execute arbitrary code on the system, caused by improper processing of packets by Schannel. By sending specially-crafted packets to a Windows server, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/98342 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-0162 **
DESCRIPTION:** IBM SiteProtector could allow a local attacker to gain elevated privileges on the system, caused by an unquoted Windows search path vulnerability. An attacker could exploit this vulnerability using a Trojan horse application to inject arbitrary code in to the root path and gain elevated privileges on the system.

CVSS Base Score: 6.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100865 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C)

Affected Products and Versions

IBM Security SiteProtector Appliance – SP2001, SP3001 and SP4001

Remediation/Fixes

Apply the appropriate eXPress Update (XPU) as identified in the SiteProtector Console Agent view:

For SiteProtector Appliance SP2001 and SP3001:

SP2001 Component:
SP_Firmware1_15.xpu

SP3001 Component:
SP_Firmware1_16.xpu
SP_Firmware1_17.xpu

For SiteProtector Appliance SP4001:

SP4001 Component:
SP_Firmware2_1.xpu

Workarounds and Mitigations

None

Related

checkpoint_advisories 5
prion 3
f5 4
openvas 10
nessus 11
nvd 3
cert 1
mskb 1
symantec 1
cvelist 3
cve 3
ibm 1
ubuntucve 1
threatpost 2
ubuntu 2
securityvulns 2
mozilla 1
ics 2
mageia 1
metasploit 1
gentoo 2
kaspersky 1
oracle 6
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SChannel Denial Of Service (MS14-066; CVE-2014-6321)
2014-11-25 00:00:00
Microsoft Windows Schannel Remote Code Execution - Ver2 (CVE-2014-6321)
2015-03-26 00:00:00
Microsoft Windows SChannel Buffer Overflow (MS14-066; CVE-2014-6321)
2014-11-26 00:00:00
prion
prion
Remote code execution
2014-11-11 22:55:00
Code injection
2013-03-15 21:55:00
Code injection
2017-09-20 18:29:00
f5
f5
SOL16128 - Microsoft Schannel vulnerability CVE-2014-6321
2015-02-12 00:00:00
K14638 : TLS/SSL RC4 vulnerability CVE-2013-2566
2015-03-30 00:00:00
K16128 : Microsoft Schannel vulnerability CVE-2014-6321
2015-02-12 00:00:00
openvas
openvas
Microsoft Windows Secure Channel Remote Code Execution Vulnerability (2992611)
2014-11-12 00:00:00
HPE Network Products Multiple Remote Vulnerabilities (HPSBHF03673)
2016-11-25 00:00:00
SSL/TLS: Report Weak Cipher Suites
2012-03-01 00:00:00
nessus
nessus
F5 Networks BIG-IP : TLS/SSL RC4 vulnerability (K14638)
2014-10-10 00:00:00
MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
2014-11-12 00:00:00
SSL RC4 Cipher Suites Supported (Bar Mitzvah)
2013-04-05 00:00:00
nvd
nvd
CVE-2013-2566
2013-03-15 21:55:01
CVE-2014-6321
2014-11-11 22:55:04
CVE-2015-0162
2017-09-20 18:29:00
cert
cert
Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packets
2014-11-13 00:00:00
mskb
mskb
MS14-066: Vulnerability in SChannel could allow remote code execution: November 11, 2014
2018-02-27 00:00:00
symantec
symantec
Microsoft Secure Channel CVE-2014-6321 Remote Code Execution Vulnerability
2014-11-11 00:00:00
cvelist
cvelist
CVE-2014-6321
2014-11-11 22:00:00
CVE-2013-2566
2013-03-14 22:00:00
CVE-2015-0162
2017-09-20 18:00:00
cve
cve
CVE-2014-6321
2014-11-11 22:55:04
CVE-2013-2566
2013-03-15 21:55:01
CVE-2015-0162
2017-09-20 18:29:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect Proventia Network Active Bypass (CVE-2013-2566)
2018-06-16 21:24:40
ubuntucve
ubuntucve
CVE-2013-2566
2013-03-15 00:00:00
threatpost
threatpost
Microsoft Schannel Bug Latest in Long Line of Serious Crypto Flaws
2014-11-12 08:02:21
5 Steps to Securing Your Network Perimeter
2021-09-27 20:29:43
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-11-21 00:00:00
Firefox vulnerabilities
2013-11-20 00:00:00
securityvulns
securityvulns
Mozilla nss security vulnerabilities
2013-11-26 00:00:00
Microsoft Windows multiple security vulnerabilities
2015-08-24 00:00:00
mozilla
mozilla
Miscellaneous Network Security Services (NSS) vulnerabilities — Mozilla
2013-11-15 00:00:00
ics
ics
Mitsubishi Electric Air Conditioning Systems
2022-06-20 12:00:00
GE UR family
2021-03-16 12:00:00
mageia
mageia
Updated firefox, rootcerts, nspr & nss packages fix security vulnerabilities
2013-11-21 00:54:49
metasploit
metasploit
SSL/TLS Version Detection
2022-11-01 03:42:40
gentoo
gentoo
Mozilla Network Security Service: Multiple vulnerabilities
2014-06-21 00:00:00
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
kaspersky
kaspersky
KLA10601 Multiple vulnerabilities in Microsoft products
2014-11-11 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2016
2016-04-19 00:00:00
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00

EPSS

0.967

Percentile

99.7%

JSON
Related for 9674B8225BA4AFAE83AC40609008061D5E25019C9343816C0E3300F818608C4C
checkpoint_advisories5prion3f54openvas10nessus11nvd3cert1mskb1symantec1cvelist3cve3ibm1ubuntucve1threatpost2ubuntu2securityvulns2mozilla1ics2mageia1metasploit1gentoo2kaspersky1oracle6