CVE-2012-5756
https://notcve.org/view.php?id=CVE-2012-5756
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation. El IBM WebSphere DataPower XC10 Appliance v2.0.0.0 hasta v2.0.0.3 y v2.1.0.0 hasta v2.1.0.2, cuando una configuración colectiva está habilitada, tiene una única clave secreta que se comparte entre diferentes instalaciones de los clientes, lo que permite a atacantes remotos falsificar un servidor de contenedores mediante (1) escuchando la red para localizar una transmisión en texto claro de esta clave o (2) el conocimiento de esta llave de otra instalación. • http://secunia.com/advisories/51319 http://www-01.ibm.com/support/docview.wss?uid=swg1PM68926 http://www-01.ibm.com/support/docview.wss?uid=swg21615783 http://www-01.ibm.com/support/docview.wss?uid=swg24033740 http://www.securityfocus.com/bid/56617 http://www.securitytracker.com/id?1027798 https://exchange.xforce.ibmcloud.com/vulnerabilities/79921 • CWE-310: Cryptographic Issues •
CVE-2012-5759
https://notcve.org/view.php?id=CVE-2012-5759
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors. El IBM WebSphere DataPower XC10 Appliance v2.0.0.0 hasta v2.0.0.3 y 2.1.0.0 hasta v2.1.0.2 permite a usuarios remotos autenticados para eludir los requisitos de roles de administración y realizar operaciones JMX arbitrarias a través de vectores no especificados. • http://osvdb.org/87620 http://secunia.com/advisories/51319 http://www-01.ibm.com/support/docview.wss?uid=swg1IC85748 http://www-01.ibm.com/support/docview.wss?uid=swg21615783 http://www-01.ibm.com/support/docview.wss?uid=swg24033740 http://www.securityfocus.com/bid/56617 http://www.securitytracker.com/id?1027798 https://exchange.xforce.ibmcloud.com/vulnerabilities/80062 • CWE-264: Permissions, Privileges, and Access Controls •