Remote Spoofing Vulnerability in IBM WebSphere DataPower XC10 Appliance
CVE-2012-5756

Currently unrated

Key Information:

Vendor
IBM
CVE Published:
23 November 2012

Summary

IBM WebSphere DataPower XC10 Appliance versions 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 contain a vulnerability that allows remote attackers to impersonate a container server. When a collective configuration is enabled, the appliance uses a single shared secret key across multiple customers' installations. An attacker could exploit this either by intercepting the key through network sniffing or by using knowledge of the key from another installation, leading to unauthorized access and potential data breaches.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
