CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
Vulnerabilities in Apache Axis affect Cloud Pak System [CVE-2012-5784, CVE-2014-3596]
CVEID:CVE-2012-5784
**DESCRIPTION:**Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subjectβs Common Name (CN) field of the X.509 certificate. An attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server and launch further attacks against a vulnerable target.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/79829 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID:CVE-2014-3596
**DESCRIPTION:**Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by and incomplete fix related to the failure to verify that the server hostname matches a domain name in the subjectβs Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/95377 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Affected Product(s)|**Version(s) (intel)
**
β|β
IBM Cloud Pak Systemn| 2.3.3.0
IBM Cloud Pak Systemn| 2.3.3.3 iFIx1
IBM Cloud Pak Systemn| 2.3.3.4
IBM Cloud Pak Systemn| 2.3.3.5,
IBM Cloud Pak Systemn| 2.3.3.6, 2.3.3.3.6 iFix1, 2.3.3.6 iFix2
For unsupported versions the recommendation is to upgrade to supported version of the product.
This security bulletin applies to Cloud Pak System, Cloud Pak System Software, Cloud Pak System Software Suite.
IBM strongly recommends addressing the vulnerability now by applying the fix below.
For Cloud Pak System on Intel
Upgrade to Cloud Pak System v2.3.4.0 for Intel at IBM Fix Central
Information on upgrading here <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cloud_pak_system | 2.3 | cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:* |