cnvd - cnvd-2017-01546

CNVD-2017-01546

Vulnerability from cnvd - Published: 2017-03-20

Title

IBM Security Access Manager Products信息泄露漏洞（CNVD-2017-01546）

Description

IBM Security Access Manager（ISAM）等都是美国IBM公司的产品。ISAM是一款安全访问管理器；IBM Security Access Manager for Web是一套通过一个模块式软件包提供移动访问安全防护的解决方案。 IBM Security Access Manager Products存在信息泄露漏洞，攻击者利用该漏洞获取敏感信息，发动进一步的攻击。

Severity

低

Patch Name

IBM Security Access Manager Products信息泄露漏洞（CNVD-2017-01546）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www-01.ibm.com/support/docview.wss?uid=swg21993722

Reference

http://www.securityfocus.com/bid/96090

Impacted products

Name
['IBM Security Access Manager For Mobile', 'IBM Security Access Manager 9.0', 'IBM Security Access Manager for Web', 'IBM Security Access Manager 9.0.2.0', 'IBM Security Access Manager 9.0.1.0', 'IBM Security Access Manager 9.0.0.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96090"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5013",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5013"
    }
  },
  "description": "IBM Security Access Manager\uff08ISAM\uff09\u7b49\u90fd\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4ea7\u54c1\u3002ISAM\u662f\u4e00\u6b3e\u5b89\u5168\u8bbf\u95ee\u7ba1\u7406\u5668\uff1bIBM Security Access Manager for Web\u662f\u4e00\u5957\u901a\u8fc7\u4e00\u4e2a\u6a21\u5757\u5f0f\u8f6f\u4ef6\u5305\u63d0\u4f9b\u79fb\u52a8\u8bbf\u95ee\u5b89\u5168\u9632\u62a4\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nIBM Security Access Manager Products\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u53d1\u52a8\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002",
  "discovererName": "IBM",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21993722",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01546",
  "openTime": "2017-03-20",
  "patchDescription": "IBM Security Access Manager\uff08ISAM\uff09\u7b49\u90fd\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4ea7\u54c1\u3002ISAM\u662f\u4e00\u6b3e\u5b89\u5168\u8bbf\u95ee\u7ba1\u7406\u5668\uff1bIBM Security Access Manager for Web\u662f\u4e00\u5957\u901a\u8fc7\u4e00\u4e2a\u6a21\u5757\u5f0f\u8f6f\u4ef6\u5305\u63d0\u4f9b\u79fb\u52a8\u8bbf\u95ee\u5b89\u5168\u9632\u62a4\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nIBM Security Access Manager Products\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u53d1\u52a8\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Security Access Manager Products\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-01546\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Security Access Manager For Mobile",
      "IBM Security Access Manager 9.0",
      "IBM Security Access Manager for Web",
      "IBM Security Access Manager 9.0.2.0",
      "IBM Security Access Manager  9.0.1.0",
      "IBM Security Access Manager  9.0.0.1"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/96090",
  "serverity": "\u4f4e",
  "submitTime": "2017-02-10",
  "title": "IBM Security Access Manager Products\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-01546\uff09"
}

CVE-2015-5013 (GCVE-0-2015-5013)

Vulnerability from cvelistv5 – Published: 2017-02-08 19:00 – Updated: 2024-08-06 06:32

Summary

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.

Severity ?

No CVSS data available.

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	http://www.securityfocus.com/bid/96090	vdb-entryx_refsource_BID
	http://www.ibm.com/support/docview.wss?uid=swg21993722	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037792	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	IBM Corporation	Access Manager	Affected: 9.0 Affected: 9.0.0.1 Affected: 9.0.1 Affected: 7.0.0 Affected: 8.0.0 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 9.0.0 Affected: 9.0.1.0 Affected: 9.0.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96090",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96090"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21993722"
          },
          {
            "name": "1037792",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037792"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Access Manager",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.0.0.1"
            },
            {
              "status": "affected",
              "version": "9.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.0.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.0.2"
            },
            {
              "status": "affected",
              "version": "8.0.0.3"
            },
            {
              "status": "affected",
              "version": "8.0.0.4"
            },
            {
              "status": "affected",
              "version": "8.0.0.5"
            },
            {
              "status": "affected",
              "version": "8.0.1"
            },
            {
              "status": "affected",
              "version": "8.0.1.2"
            },
            {
              "status": "affected",
              "version": "8.0.1.3"
            },
            {
              "status": "affected",
              "version": "8.0.1.4"
            },
            {
              "status": "affected",
              "version": "9.0.0"
            },
            {
              "status": "affected",
              "version": "9.0.1.0"
            },
            {
              "status": "affected",
              "version": "9.0.2.0"
            }
          ]
        }
      ],
      "datePublic": "2017-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-24T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "96090",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96090"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21993722"
        },
        {
          "name": "1037792",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037792"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-5013",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Access Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "9.0.0.1"
                          },
                          {
                            "version_value": "9.0.1"
                          },
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "8.0.0"
                          },
                          {
                            "version_value": "8.0.0.1"
                          },
                          {
                            "version_value": "8.0.0.2"
                          },
                          {
                            "version_value": "8.0.0.3"
                          },
                          {
                            "version_value": "8.0.0.4"
                          },
                          {
                            "version_value": "8.0.0.5"
                          },
                          {
                            "version_value": "8.0.1"
                          },
                          {
                            "version_value": "8.0.1.2"
                          },
                          {
                            "version_value": "8.0.1.3"
                          },
                          {
                            "version_value": "8.0.1.4"
                          },
                          {
                            "version_value": "9.0.0"
                          },
                          {
                            "version_value": "9.0.1.0"
                          },
                          {
                            "version_value": "9.0.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96090",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96090"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21993722",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21993722"
            },
            {
              "name": "1037792",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037792"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-5013",
    "datePublished": "2017-02-08T19:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-01546

CVE-2015-5013 (GCVE-0-2015-5013)

Tags

Sightings

Nomenclature