Vulnerability Details CVE-2015-5012
The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 71.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780
- http://www-01.ibm.com/support/docview.wss?uid=swg21971422
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780
- http://www-01.ibm.com/support/docview.wss?uid=swg21971422
Products affected by CVE-2015-5012
-
cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.10
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.11
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.12
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.13
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.14
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.15
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.16
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.17
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.18
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8
-
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.9
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0
-
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2