Vulnerability Details : CVE-2014-3052
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.
Exploit prediction scoring system (EPSS) score for CVE-2014-3052
Probability of exploitation activity in the next 30 days: 0.31%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-3052
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
3.3
|
LOW | AV:A/AC:L/Au:N/C:P/I:N/A:N |
6.5
|
2.9
|
NIST |
CWE ids for CVE-2014-3052
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3052
-
http://www-01.ibm.com/support/docview.wss?uid=swg21676705
IBM Security Bulletin: IBM Security Access Manager for Web - NIST setting (CVE-2014-3052)
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/93454
IBM Security Access Manager for Web weak security CVE-2014-3052 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
IBM notice: The page you requested cannot be displayed
Products affected by CVE-2014-3052
- cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*