CVE-2014-0852 - Vulnerability Details - OpenCVE

IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an SSL/TLS side-channel timing attack.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Websphere Datapower Soa Appliance Websphere Datapower Soa Appliance Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:ibm:websphere_datapower_soa_appliance_firmware::::::::
	cpe:2.3:o:ibm:websphere_datapower_soa_appliance_firmware:5.0.0:::::::*
	cpe:2.3:o:ibm:websphere_datapower_soa_appliance_firmware:6.0.0:::::::*
	cpe:2.3:o:ibm:websphere_datapower_soa_appliance_firmware:6.0.1:::::::*

cpe:2.3:h:ibm:websphere_datapower_soa_appliance:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/60112
http://www-01.ibm.com/support/docview.wss?uid=swg1IT01111
http://www-01.ibm.com/support/docview.wss?uid=swg21678204
https://exchange.xforce.ibmcloud.com/vulnerabilities/90753

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-08-16T01:00:00

Updated: 2024-08-06T09:27:20.290Z

Reserved: 2014-01-06T00:00:00

Link: CVE-2014-0852

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-08-16T04:39:55.677

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-0852

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an SSL/TLS side-channel timing attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "60112", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60112"}, {"name": "IT01111", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT01111"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678204"}, {"name": "ibm-datapower-cve20140852-sidechannel(90753)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90753"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0852", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an SSL/TLS side-channel timing attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "60112", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60112"}, {"name": "IT01111", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT01111"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678204", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678204"}, {"name": "ibm-datapower-cve20140852-sidechannel(90753)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90753"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:27:20.290Z"}, "title": "CVE Program Container", "references": [{"name": "60112", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60112"}, {"name": "IT01111", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT01111"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678204"}, {"name": "ibm-datapower-cve20140852-sidechannel(90753)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90753"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0852", "datePublished": "2014-08-16T01:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.290Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:websphere_datapower_soa_appliance_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "497AD737-872C-4B7A-9164-09C05087E5B9", "versionEndIncluding": "4.0.2.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_soa_appliance_firmware:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C54FA460-80B9-4B70-98A0-073CE5457A44", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_soa_appliance_firmware:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C76A74C5-B766-402F-B59A-A9AF7F2C17D2", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:websphere_datapower_soa_appliance_firmware:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "92B4CB34-9F2F-4F3A-974D-476EB02314B7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:websphere_datapower_soa_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB1E9FF7-1875-4F97-9AA5-E4A7DBE991DD", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an SSL/TLS side-channel timing attack."}, {"lang": "es", "value": "Los aparatos IBM WebSphere DataPower SOA hasta 4.0.2.15, 5.x hasta 5.0.0.17, 6.0.0.x hasta 6.0.0.9, y 6.0.1.x hasta 6.0.1.5 facilita a atacantes remotos obtener un valor PreMasterSecret y vencer los mecanismos de protecci\u00f3n criptogr\u00e1ficos mediante el env\u00edo de un n\u00famero grande de solicitudes en un ataque de tiempos de canal lateral SSL/TLS."}], "id": "CVE-2014-0852", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-16T04:39:55.677", "references": [{"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/60112"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT01111"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678204"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90753"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT01111"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678204"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90753"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}