Information disclosure in Ibm Security_access_manager_for_web_7.0_firmware

CVE-2015-1892

The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers…

Vulnerability class: Information Disclosure

EPSS: 0.025 (85.5th percentile) — read the EPSS interpretation.

Affected products

Ibm Security_access_manager_for_web_7.0_firmware
Ibm Security_access_manager_for_web_8.0_firmware — versions 8.0.0.1, 8.0.0.2, 8.0.0.3
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

73683 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
VU#550620 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
IV70911 (vendor-advisory, x_refsource_AIXAPAR)
IV70913 (vendor-advisory, x_refsource_AIXAPAR)
psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)