Details of VAR-201408-0328

ID

VAR-201408-0328

CVE

CVE-2014-0852

TITLE

IBM WebSphere DataPower SOA On the appliance PreMasterSecret Vulnerability whose value is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-003836

DESCRIPTION

IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an SSL/TLS side-channel timing attack. IBM WebSphere DataPower SOA Appliances are prone to a remote information-disclosure vulnerability. Successful exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks. The appliance is primarily used to simplify, secure and accelerate XML and Web services deployment in SOA

Trust: 2.07

sources: NVD: CVE-2014-0852 // JVNDB: JVNDB-2014-003836 // BID: 69218 // VULHUB: VHN-68345 // VULMON: CVE-2014-0852

AFFECTED PRODUCTS

vendor:	ibm	model:	websphere datapower soa appliance	scope:	eq	version:	6.0.1	Trust: 1.6
vendor:	ibm	model:	websphere datapower soa appliance	scope:	eq	version:	5.0.0	Trust: 1.6
vendor:	ibm	model:	websphere datapower soa appliance	scope:	eq	version:	6.0.0	Trust: 1.6
vendor:	ibm	model:	websphere datapower soa appliance	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	websphere datapower soa appliance	scope:	lte	version:	4.0.2.15	Trust: 1.0
vendor:	ibm	model:	websphere datapower soa appliance	scope:	eq	version:	4.0.2.15	Trust: 0.9
vendor:	ibm	model:	websphere datapower soa the appliance	scope:	eq	version:	9004 mtm - 9235-xxx	Trust: 0.8
vendor:	ibm	model:	websphere datapower soa the appliance	scope:	eq	version:	9005 mtm - 7198 (1u) and 7199 (2u)	Trust: 0.8
vendor:	ibm	model:	websphere datapower soa the appliance	scope:	eq	version:	hs22 - integration blade xi50b type 4195	Trust: 0.8
vendor:	ibm	model:	websphere datapower soa the appliance	scope:	lte	version:	4.0.2.15	Trust: 0.8
vendor:	ibm	model:	websphere datapower soa the appliance	scope:	eq	version:	5.0.0.17 for up to 5.x	Trust: 0.8
vendor:	ibm	model:	websphere datapower soa the appliance	scope:	eq	version:	6.0.0.9 for up to 6.0.0.x	Trust: 0.8
vendor:	ibm	model:	websphere datapower soa the appliance	scope:	eq	version:	6.0.1.5 for up to 6.0.1.x	Trust: 0.8
vendor:	ibm	model:	websphere datapower soa appliance	scope:	eq	version:	6.0.1.5	Trust: 0.3
vendor:	ibm	model:	websphere datapower soa appliance	scope:	eq	version:	6.0.0.9	Trust: 0.3
vendor:	ibm	model:	websphere datapower soa appliance	scope:	eq	version:	5.0.0.17	Trust: 0.3

sources: BID: 69218 // JVNDB: JVNDB-2014-003836 // CNNVD: CNNVD-201408-262 // NVD: CVE-2014-0852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0852
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0852
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201408-262
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68345
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-0852
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0852
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-68345
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68345 // VULMON: CVE-2014-0852 // JVNDB: JVNDB-2014-003836 // CNNVD: CNNVD-201408-262 // NVD: CVE-2014-0852

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-68345 // JVNDB: JVNDB-2014-003836 // NVD: CVE-2014-0852

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-262

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201408-262

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003836

PATCH

title:	IT01111	url:	http://www-01.ibm.com/support/docview.wss?uid=swg1IT01111	Trust: 0.8
title:	1678204	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21678204	Trust: 0.8
title:	xg7001.oradco	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51672	Trust: 0.6
title:	xi7001.oradco	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51671	Trust: 0.6

sources: JVNDB: JVNDB-2014-003836 // CNNVD: CNNVD-201408-262

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0852	Trust: 2.9
db:	SECUNIA	id:	60112	Trust: 1.8
db:	JVNDB	id:	JVNDB-2014-003836	Trust: 0.8
db:	CNNVD	id:	CNNVD-201408-262	Trust: 0.7
db:	XF	id:	90753	Trust: 0.6
db:	BID	id:	69218	Trust: 0.4
db:	VULHUB	id:	VHN-68345	Trust: 0.1
db:	VULMON	id:	CVE-2014-0852	Trust: 0.1

sources: VULHUB: VHN-68345 // VULMON: CVE-2014-0852 // BID: 69218 // JVNDB: JVNDB-2014-003836 // CNNVD: CNNVD-201408-262 // NVD: CVE-2014-0852

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg21678204	Trust: 2.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1it01111	Trust: 1.8
url:	http://secunia.com/advisories/60112	Trust: 1.8
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90753	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0852	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0852	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/90753	Trust: 0.6
url:	http://www.ibm.com/	Trust: 0.3
url:	http://www-03.ibm.com/software/products/us/en/datapower	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/310.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-68345 // VULMON: CVE-2014-0852 // BID: 69218 // JVNDB: JVNDB-2014-003836 // CNNVD: CNNVD-201408-262 // NVD: CVE-2014-0852

CREDITS

IBM

Trust: 0.3

sources: BID: 69218

SOURCES

db:	VULHUB	id:	VHN-68345
db:	VULMON	id:	CVE-2014-0852
db:	BID	id:	69218
db:	JVNDB	id:	JVNDB-2014-003836
db:	CNNVD	id:	CNNVD-201408-262
db:	NVD	id:	CVE-2014-0852

LAST UPDATE DATE

2025-04-13T23:32:48.791000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68345	date:	2017-08-29T00:00:00
db:	VULMON	id:	CVE-2014-0852	date:	2017-08-29T00:00:00
db:	BID	id:	69218	date:	2014-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2014-003836	date:	2014-08-19T00:00:00
db:	CNNVD	id:	CNNVD-201408-262	date:	2014-08-19T00:00:00
db:	NVD	id:	CVE-2014-0852	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68345	date:	2014-08-16T00:00:00
db:	VULMON	id:	CVE-2014-0852	date:	2014-08-16T00:00:00
db:	BID	id:	69218	date:	2014-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2014-003836	date:	2014-08-19T00:00:00
db:	CNNVD	id:	CNNVD-201408-262	date:	2014-08-19T00:00:00
db:	NVD	id:	CVE-2014-0852	date:	2014-08-16T04:39:55.677