CVE-2012-2203
Last modified
CVE-2012-2203 is a vulnerability of currently unknown severity. IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate. EPSS estimates a 1.58% chance of exploitation in the next 30 days.
Description
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| IBM | Global Security Kit | <= 8.0.13 |
| IBM | Global Security Kit | 7.0.4.28 |
| IBM | Global Security Kit | 7.0.4.29 |
| IBM | Rational Directory Server | All versions |
| IBM | Tivoli Directory Server | All versions |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21606145 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
