FKIE_CVE-2014-0897

Vulnerability from fkie_nvd - Published: 2014-08-29 09:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection mechanisms via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IT03824
psirt@us.ibm.comhttp://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/91395
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IT03824
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/91395
Impacted products
Vendor Product Version
ibm flex_system_manager 1.2.0
ibm flex_system_manager 1.2.1
ibm flex_system_manager 1.3.0
ibm flex_system_manager 1.3.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:flex_system_manager:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD65C3DA-831B-4FF7-BA3D-0DCCDC648941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:flex_system_manager:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4591623A-C3CE-4768-9FB6-C01ACA327439",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:flex_system_manager:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88037903-4C41-4298-8FA7-0094F9227A3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:flex_system_manager:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E60012C9-7E1A-4C91-B61D-D09D1F5F930B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection mechanisms via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El componente Configuration Patterns en IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, y 1.3.1.x utiliza un algoritmo d\u00e9bil en un paso de la codificaci\u00f3n durante la creaci\u00f3n de una cuenta Chassis Management Module (CMM), lo que facilita a usuarios remotos autenticados vencer los mecanismos de protecci\u00f3n criptogr\u00e1ficos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-0897",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-08-29T09:55:07.667",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03824"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91395"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.