CVE-2012-2203

IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/51279
http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973
http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975
http://www-01.ibm.com/support/docview.wss?uid=swg21606145	Vendor Advisory
http://www.securityfocus.com/bid/54743
https://exchange.xforce.ibmcloud.com/vulnerabilities/77280

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:global_security_kit::::::::
	cpe:2.3:a:ibm:global_security_kit:7.0.4.28:::::::*
	cpe:2.3:a:ibm:global_security_kit:7.0.4.29:::::::*
	cpe:2.3:a:ibm:rational_directory_server::::::::
	cpe:2.3:a:ibm:tivoli_directory_server::::::::

History

No history.

Information

Published : 2012-08-08 10:26

Updated : 2023-12-10 11:16

NVD link : CVE-2012-2203

Mitre link : CVE-2012-2203

CVE.ORG link : CVE-2012-2203

JSON object : View

Products Affected

ibm

rational_directory_server
global_security_kit
tivoli_directory_server

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2012-2203", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-08-08T10:26:18.813", "references": [{"url": "http://secunia.com/advisories/51279", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/54743", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77280", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate."}, {"lang": "es", "value": "IBM Global Security Kit (tambi\u00e9n conocido como GSKit) anterior a v8.0.14.22, como se utiliza en IBM Directory Server Rational de IBM Tivoli Directory Server y otros productos, utiliza el formato PKCS # 12 para los objetos de archivo de certificado, sin exigir la integridad del archivo, lo que hace m\u00e1s f\u00e1cil para a atacantes remotos falsificar servidores SSL a trav\u00e9s de vectores relacionados con la inserci\u00f3n de una arbitraria ra\u00edz de Autoridad de Certificaci\u00f3n (CA) de certificados"}], "lastModified": "2017-08-29T01:31:33.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:global_security_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDD46A9C-9DB2-4B61-BCEA-DC5AB03DCD7E", "versionEndIncluding": "8.0.13"}, {"criteria": "cpe:2.3:a:ibm:global_security_kit:7.0.4.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FD561AD-2421-4AA6-B3C5-6536F6933526"}, {"criteria": "cpe:2.3:a:ibm:global_security_kit:7.0.4.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00E509BA-4B47-4EDE-86DC-2E666D2D74E0"}, {"criteria": "cpe:2.3:a:ibm:rational_directory_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0651DE7C-B8EB-4214-981B-561256C5473A"}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "871E249E-CB31-46A4-9E4F-274C6055C33A"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}