CVE-2017-1473

HIGH

IBM Security Access Manager Appliance 8.0.0-8.0.1.6 and 9.0.0-9.0.3.1 - Inadequate Encryption Strength

Title source: llm
STIX 2.1

Description

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.

References (2)

Core 2
Core References
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/128605
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22012268

Scores

CVSS v3 7.5
EPSS 0.0088
EPSS Percentile 54.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-326
Status published
Products (31)
ibm/security_access_manager_firmware 9.0.0
ibm/security_access_manager_firmware 9.0.0.1
ibm/security_access_manager_firmware 9.0.1.0
ibm/security_access_manager_firmware 9.0.2.0
ibm/security_access_manager_firmware 9.0.2.1
ibm/security_access_manager_firmware 9.0.3
ibm/security_access_manager_firmware 9.0.3.1
ibm/security_access_manager_for_mobile 8.0.0
ibm/security_access_manager_for_mobile 8.0.0.1
ibm/security_access_manager_for_mobile 8.0.0.2
... and 21 more
Published Apr 23, 2018
Tracked Since Feb 18, 2026