cvelistv5 - cve-2015-1892

CVE-2015-1892 (GCVE-0-2015-1892)

Vulnerability from cvelistv5 – Published: 2015-04-01 01:00 – Updated: 2024-08-06 04:54

Summary

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

Tags

	http://www.securityfocus.com/bid/73683	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/550620	third-party-advisoryx_refsource_CERT-VN
	http://www-01.ibm.com/support/docview.wss?uid=swg…	vendor-advisoryx_refsource_AIXAPAR
	http://www-01.ibm.com/support/docview.wss?uid=swg…	vendor-advisoryx_refsource_AIXAPAR
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "73683",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73683"
          },
          {
            "name": "VU#550620",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/550620"
          },
          {
            "name": "IV70911",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911"
          },
          {
            "name": "IV70913",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-07-22T16:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "73683",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73683"
        },
        {
          "name": "VU#550620",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/550620"
        },
        {
          "name": "IV70911",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911"
        },
        {
          "name": "IV70913",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-1892",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "73683",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73683"
            },
            {
              "name": "VU#550620",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/550620"
            },
            {
              "name": "IV70911",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911"
            },
            {
              "name": "IV70913",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-1892",
    "datePublished": "2015-04-01T01:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.0.0.11\", \"matchCriteriaId\": \"91E58642-AE2A-40BA-93B3-4851452104F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B0D27CF-70BF-4C72-A963-310272D8EBF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97E19969-DD73-42F2-9E91-504E1663B268\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9CC2E05-5179-4241-A710-E582510EEB0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EE7B275-7B8D-45F9-86A5-8F4A4484F2B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73E4F0CD-26DF-4975-8F40-ECB8E03A08C2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.\"}, {\"lang\": \"es\", \"value\": \"El contestador Multicast DNS (mDNS) en IBM Security Access Manager for Web 7.x anterior a 7.0.0 FP12 y 8.x anterior a 8.0.1 FP1 responde inadvertidamente a consultas unicast con direcciones de fuentes que no son enlazadas locales, lo que permite a atacantes remotos causar una denegaci\\u00f3n de servicio (amplificaci\\u00f3n de trafico) u obtener informaci\\u00f3n potencialmente sensible a trav\\u00e9s de paquetes UDP del puerto 5353.\"}]",
      "id": "CVE-2015-1892",
      "lastModified": "2024-11-21T02:26:21.123",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-04-01T02:00:32.220",
      "references": "[{\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21699497\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/550620\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/73683\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21699497\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/550620\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/73683\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-1892\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2015-04-01T02:00:32.220\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.\"},{\"lang\":\"es\",\"value\":\"El contestador Multicast DNS (mDNS) en IBM Security Access Manager for Web 7.x anterior a 7.0.0 FP12 y 8.x anterior a 8.0.1 FP1 responde inadvertidamente a consultas unicast con direcciones de fuentes que no son enlazadas locales, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (amplificaci\u00f3n de trafico) u obtener informaci\u00f3n potencialmente sensible a trav\u00e9s de paquetes UDP del puerto 5353.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0.0.11\",\"matchCriteriaId\":\"91E58642-AE2A-40BA-93B3-4851452104F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B0D27CF-70BF-4C72-A963-310272D8EBF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97E19969-DD73-42F2-9E91-504E1663B268\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9CC2E05-5179-4241-A710-E582510EEB0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EE7B275-7B8D-45F9-86A5-8F4A4484F2B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73E4F0CD-26DF-4975-8F40-ECB8E03A08C2\"}]}]}],\"references\":[{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21699497\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/550620\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/73683\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21699497\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/550620\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/73683\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

GSD-2015-1892

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-1892

Aliases

CVE-2015-1892

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-1892",
    "description": "The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.",
    "id": "GSD-2015-1892"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-1892"
      ],
      "details": "The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.",
      "id": "GSD-2015-1892",
      "modified": "2023-12-13T01:20:05.413609Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2015-1892",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "73683",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/73683"
          },
          {
            "name": "VU#550620",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/550620"
          },
          {
            "name": "IV70911",
            "refsource": "AIXAPAR",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911"
          },
          {
            "name": "IV70913",
            "refsource": "AIXAPAR",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.0.11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-1892"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV70913",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497"
            },
            {
              "name": "VU#550620",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/550620"
            },
            {
              "name": "IV70911",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911"
            },
            {
              "name": "73683",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/73683"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-08-04T03:25Z",
      "publishedDate": "2015-04-01T02:00Z"
    }
  }
}

CERTFR-2015-AVI-184

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans IBM Security Privileged Identity Manager Virtual Appliance. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Security Privileged Identity Manager Virtual Appliance 1.0.1.1
IBM	N/A	IBM Security Privileged Identity Manager Virtual Appliance 1.0.1
IBM	N/A	IBM Security Privileged Identity Manager Virtual Appliance 2.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM swg21707262 du 15 avril 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Security Privileged Identity Manager Virtual Appliance 1.0.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Privileged Identity Manager Virtual Appliance 1.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Privileged Identity Manager Virtual Appliance 2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1892"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-184",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eIBM Security\nPrivileged Identity Manager Virtual Appliance\u003c/span\u003e. Elle permet \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans IBM Security Privileged Identity Manager Virtual Appliance",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21707262 du 15 avril 2015",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21707262"
    }
  ]
}

CERTFR-2015-AVI-184

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans IBM Security Privileged Identity Manager Virtual Appliance. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Security Privileged Identity Manager Virtual Appliance 1.0.1.1
IBM	N/A	IBM Security Privileged Identity Manager Virtual Appliance 1.0.1
IBM	N/A	IBM Security Privileged Identity Manager Virtual Appliance 2.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM swg21707262 du 15 avril 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Security Privileged Identity Manager Virtual Appliance 1.0.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Privileged Identity Manager Virtual Appliance 1.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security Privileged Identity Manager Virtual Appliance 2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1892"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-184",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eIBM Security\nPrivileged Identity Manager Virtual Appliance\u003c/span\u003e. Elle permet \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans IBM Security Privileged Identity Manager Virtual Appliance",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21707262 du 15 avril 2015",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21707262"
    }
  ]
}

VAR-201504-0377

Vulnerability from variot - Updated: 2023-12-18 12:38

The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network. Such responses may disclose information about network devices or be used in denial-of-service (DoS) amplification attacks. Multiple products are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information or crash the system, resulting in a denial-of-service condition. Other attacks are also possible. IBM Security Access Manager (ISAM) for Web (formerly known as IBM Tivoli Access Manager for e-business) is a set of products used in user authentication, authorization and Web single sign-on solutions of IBM Corporation in the United States. It provides user access management and Web application protection function. The following versions are affected: ISAM for Web 7.0 with firmware 7.0.0.11 and earlier, and ISAM for Web 8.0 with firmware 8.0.0.1 through 8.0.0.5 and 8.0.1.0

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0377",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "security access manager for web 8.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "security access manager for web 8.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security access manager for web 8.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "security access manager for web 8.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "security access manager for web 8.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security access manager for web 8.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "security access manager for web 7.0",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.0.0.11"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avahi mdns",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "canon",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "security access manager for web software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.0.0 fp12"
      },
      {
        "model": "security access manager for web software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.x"
      },
      {
        "model": "security access manager for web software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.x"
      },
      {
        "model": "security access manager for web software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0.1 fp1"
      },
      {
        "model": "security access manager for web 7.0",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.0.0.11"
      },
      {
        "model": "color laserjet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "47000"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.6.26"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.6.25"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.6.24"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.6.23"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.6.20"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.6.16"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.6.15"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.6.13"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.6.11"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.6.10"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.6.9"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.6.8"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.6.7"
      },
      {
        "model": "avahi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avahi",
        "version": "0.5.2"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#550620"
      },
      {
        "db": "BID",
        "id": "73683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002048"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-653"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.0.11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1892"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chad Seaman",
    "sources": [
      {
        "db": "BID",
        "id": "73683"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-1892",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-1892",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-79853",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1892",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201503-653",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-79853",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002048"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-653"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network. Such responses may disclose information about network devices or be used in denial-of-service (DoS) amplification attacks. Multiple products are prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information or crash the system, resulting in a denial-of-service condition. Other attacks are also possible. IBM Security Access Manager (ISAM) for Web (formerly known as IBM Tivoli Access Manager for e-business) is a set of products used in user authentication, authorization and Web single sign-on solutions of IBM Corporation in the United States. It provides user access management and Web application protection function. The following versions are affected: ISAM for Web 7.0 with firmware 7.0.0.11 and earlier, and ISAM for Web 8.0 with firmware 8.0.0.1 through 8.0.0.5 and 8.0.1.0",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1892"
      },
      {
        "db": "CERT/CC",
        "id": "VU#550620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002048"
      },
      {
        "db": "BID",
        "id": "73683"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79853"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#550620",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1892",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "73683",
        "trust": 1.4
      },
      {
        "db": "JVN",
        "id": "JVNVU98589419",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002048",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-653",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-79853",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#550620"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79853"
      },
      {
        "db": "BID",
        "id": "73683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002048"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-653"
      }
    ]
  },
  "id": "VAR-201504-0377",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79853"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:38:00.036000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1699497",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002048"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002048"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1892"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/550620"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv70911"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv70913"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/chadillac/mdns_recon"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/73683"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc6762.txt"
      },
      {
        "trust": 0.8,
        "url": "https://www.usa.canon.com/cusa/support/consumer?pagekeycode=prdadvdetail\u0026docid=0901e02480ea9d5d"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1892"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98589419/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1892"
      },
      {
        "trust": 0.8,
        "url": "https://tools.ietf.org/html/rfc6762#section-5.5"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#550620"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79853"
      },
      {
        "db": "BID",
        "id": "73683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002048"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-653"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#550620"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79853"
      },
      {
        "db": "BID",
        "id": "73683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002048"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-653"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-31T00:00:00",
        "db": "CERT/CC",
        "id": "VU#550620"
      },
      {
        "date": "2015-04-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79853"
      },
      {
        "date": "2015-03-31T00:00:00",
        "db": "BID",
        "id": "73683"
      },
      {
        "date": "2015-04-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002048"
      },
      {
        "date": "2015-04-01T02:00:32.220000",
        "db": "NVD",
        "id": "CVE-2015-1892"
      },
      {
        "date": "2015-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-653"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#550620"
      },
      {
        "date": "2016-08-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79853"
      },
      {
        "date": "2015-05-15T00:14:00",
        "db": "BID",
        "id": "73683"
      },
      {
        "date": "2015-04-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002048"
      },
      {
        "date": "2016-08-04T03:25:56.670000",
        "db": "NVD",
        "id": "CVE-2015-1892"
      },
      {
        "date": "2015-04-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-653"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-653"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multicast DNS (mDNS) implementations may respond to unicast queries originating outside the local link",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#550620"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-653"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2015-1892

Vulnerability from fkie_nvd - Published: 2015-04-01 02:00 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21699497	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.kb.cert.org/vuls/id/550620	Third Party Advisory, US Government Resource
psirt@us.ibm.com	http://www.securityfocus.com/bid/73683	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21699497	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/550620	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73683	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
ibm	security_access_manager_for_web_7.0_firmware	*
ibm	security_access_manager_for_web_8.0_firmware	8.0.0.1
ibm	security_access_manager_for_web_8.0_firmware	8.0.0.2
ibm	security_access_manager_for_web_8.0_firmware	8.0.0.3
ibm	security_access_manager_for_web_8.0_firmware	8.0.0.4
ibm	security_access_manager_for_web_8.0_firmware	8.0.0.5
ibm	security_access_manager_for_web_8.0_firmware	8.0.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91E58642-AE2A-40BA-93B3-4851452104F6",
              "versionEndIncluding": "7.0.0.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B0D27CF-70BF-4C72-A963-310272D8EBF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E19969-DD73-42F2-9E91-504E1663B268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CC2E05-5179-4241-A710-E582510EEB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EE7B275-7B8D-45F9-86A5-8F4A4484F2B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73E4F0CD-26DF-4975-8F40-ECB8E03A08C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets."
    },
    {
      "lang": "es",
      "value": "El contestador Multicast DNS (mDNS) en IBM Security Access Manager for Web 7.x anterior a 7.0.0 FP12 y 8.x anterior a 8.0.1 FP1 responde inadvertidamente a consultas unicast con direcciones de fuentes que no son enlazadas locales, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (amplificaci\u00f3n de trafico) u obtener informaci\u00f3n potencialmente sensible a trav\u00e9s de paquetes UDP del puerto 5353."
    }
  ],
  "id": "CVE-2015-1892",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-01T02:00:32.220",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/550620"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/73683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/550620"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/73683"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2015-02148

Vulnerability from cnvd - Published: 2015-04-03

Title

IBM Security Access Manager for Web Multicast DNS信息泄露漏洞

Description

IBM Security Access Manager（ISAM）for Web（前称IBM Tivoli Access Manager for e-business）是美国IBM公司的一套用于用户认证、授权和Web单点登录解决方案中的产品，它提供用户访问管理和Web应用保护功能。 IBM Security Access Manager for Web Multicast DNS存在信息泄露漏洞，该漏洞源于程序未能正确响应带有特制的源地址（不是本地链接）的单播查询。远程攻击者利用该漏洞可借助port-5353 UDP数据包造成拒绝服务,或获取潜在的敏感信息。

Severity

中

Patch Name

IBM Security Access Manager for Web Multicast DNS信息泄露漏洞的补丁

Patch Description

IBM Security Access Manager（ISAM）for Web（前称IBM Tivoli Access Manager for e-business）是美国IBM公司的一套用于用户认证、授权和Web单点登录解决方案中的产品，它提供用户访问管理和Web应用保护功能。IBM Security Access Manager for Web Multicast DNS存在信息泄露漏洞，该漏洞源于程序未能正确响应带有特制的源地址（不是本地链接）的单播查询。远程攻击者利用该漏洞可借助port-5353 UDP数据包造成拒绝服务,或获取潜在的敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www-01.ibm.com/support/docview.wss?uid=swg21699497 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1892

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21699497 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1892 http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913

Impacted products

Name
['IBM Security Access Manager for Web 7.x(<7.0.0 FP12)', 'IBM Security Access Manager for Web 8.x(<8.0.1 FP1)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1892"
    }
  },
  "description": "IBM Security Access Manager\uff08ISAM\uff09for Web\uff08\u524d\u79f0IBM Tivoli Access Manager for e-business\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u7528\u6237\u8ba4\u8bc1\u3001\u6388\u6743\u548cWeb\u5355\u70b9\u767b\u5f55\u89e3\u51b3\u65b9\u6848\u4e2d\u7684\u4ea7\u54c1\uff0c\u5b83\u63d0\u4f9b\u7528\u6237\u8bbf\u95ee\u7ba1\u7406\u548cWeb\u5e94\u7528\u4fdd\u62a4\u529f\u80fd\u3002\r\n\r\nIBM Security Access Manager for Web Multicast DNS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u54cd\u5e94\u5e26\u6709\u7279\u5236\u7684\u6e90\u5730\u5740\uff08\u4e0d\u662f\u672c\u5730\u94fe\u63a5\uff09\u7684\u5355\u64ad\u67e5\u8be2\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u501f\u52a9port-5353 UDP\u6570\u636e\u5305\u9020\u6210\u62d2\u7edd\u670d\u52a1,\u6216\u83b7\u53d6\u6f5c\u5728\u7684\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21699497\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1892",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02148",
  "openTime": "2015-04-03",
  "patchDescription": "IBM Security Access Manager\uff08ISAM\uff09for Web\uff08\u524d\u79f0IBM Tivoli Access Manager for e-business\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u7528\u6237\u8ba4\u8bc1\u3001\u6388\u6743\u548cWeb\u5355\u70b9\u767b\u5f55\u89e3\u51b3\u65b9\u6848\u4e2d\u7684\u4ea7\u54c1\uff0c\u5b83\u63d0\u4f9b\u7528\u6237\u8bbf\u95ee\u7ba1\u7406\u548cWeb\u5e94\u7528\u4fdd\u62a4\u529f\u80fd\u3002IBM Security Access Manager for Web Multicast DNS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u54cd\u5e94\u5e26\u6709\u7279\u5236\u7684\u6e90\u5730\u5740\uff08\u4e0d\u662f\u672c\u5730\u94fe\u63a5\uff09\u7684\u5355\u64ad\u67e5\u8be2\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u501f\u52a9port-5353 UDP\u6570\u636e\u5305\u9020\u6210\u62d2\u7edd\u670d\u52a1,\u6216\u83b7\u53d6\u6f5c\u5728\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Security Access Manager for Web Multicast DNS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Security Access Manager for Web 7.x(\u003c7.0.0 FP12)",
      "IBM Security Access Manager for Web 8.x(\u003c8.0.1 FP1)"
    ]
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1892\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV70913",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-02",
  "title": "IBM Security Access Manager for Web Multicast DNS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GHSA-WR75-H66J-9V32

Vulnerability from github – Published: 2022-05-17 03:50 – Updated: 2022-05-17 03:50

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-1892"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-04-01T02:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.",
  "id": "GHSA-wr75-h66j-9v32",
  "modified": "2022-05-17T03:50:34Z",
  "published": "2022-05-17T03:50:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1892"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/550620"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/73683"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-1892 (GCVE-0-2015-1892)

GSD-2015-1892

CERTFR-2015-AVI-184

Solution

CERTFR-2015-AVI-184

Solution

VAR-201504-0377

FKIE_CVE-2015-1892

CNVD-2015-02148

GHSA-WR75-H66J-9V32

Tags

Sightings

Nomenclature