CVE-2013-6329
high
CVSS v3
—
CVSS v2
7.8
VIR risk
7.8
Description
IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21676092
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21676091
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21669554
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21659716
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | content_manager_ondemand_for_multiplatforms | 8.5 | |
| ibm | content_manager_ondemand_for_multiplatforms | 9.0 | |
| ibm | global_security_kit | - | |
| ibm | security_access_manager_for_web | 6.0 | |
| ibm | security_access_manager_for_web | 6.1 | |
| ibm | security_access_manager_for_web | 6.1.1 | |
| ibm | security_access_manager_for_web | 7.0 | |
References
- http://secunia.com/advisories/56058
- http://www-01.ibm.com/support/docview.wss?uid=swg21659548
- http://www-01.ibm.com/support/docview.wss?uid=swg21659716
- http://www-01.ibm.com/support/docview.wss?uid=swg21659837
- http://www-01.ibm.com/support/docview.wss?uid=swg21669554
- http://www-01.ibm.com/support/docview.wss?uid=swg21676091
- http://www-01.ibm.com/support/docview.wss?uid=swg21676092
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88939
- http://secunia.com/advisories/56058
- http://www-01.ibm.com/support/docview.wss?uid=swg21659548
- http://www-01.ibm.com/support/docview.wss?uid=swg21659716
- http://www-01.ibm.com/support/docview.wss?uid=swg21659837
- http://www-01.ibm.com/support/docview.wss?uid=swg21669554
- http://www-01.ibm.com/support/docview.wss?uid=swg21676091
- http://www-01.ibm.com/support/docview.wss?uid=swg21676092
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88939
CWEs
CWE-310
Verify integrity in audit chain (admin only). AS-IS.