Encryption Key Vulnerability in IBM Platform Symphony by IBM
CVE-2013-6305

Currently unrated

Key Information:

Vendor: IBM
Status: Platform Symphony
Vendor: CVE Published:; 21 January 2014

Summary

In IBM Platform Symphony versions prior to specified builds, the use of a common encryption key across multiple customers' installations poses a significant security risk. This vulnerability allows context-dependent attackers to exploit knowledge of the shared encryption key, enabling them to gain unauthorized access to sensitive information stored in the software. As such, users of these affected versions are advised to take immediate action to update their installations and mitigate potential data exposure.

References

http://osvdb.org/102262

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/88536

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=isg3T1020528

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 21, 2014
Vulnerability Reserved
Oct 31, 2013