What is CVE-2017-1473?

CVE-2017-1473 is a vulnerability in IBM Security Access Manager Appliance version 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 that uses weaker than expected cryptographic algorithms.

What is the severity of CVE-2017-1473?

The severity of CVE-2017-1473 is high with a CVSS score of 7.5.

How can I check if I am affected by CVE-2017-1473?

You can check if you are affected by CVE-2017-1473 by verifying your IBM Security Access Manager Appliance version. If you are using version 8.0.0 through 8.0.1.6 or 9.0.0 through 9.0.3.1, you may be affected.

How do I fix CVE-2017-1473?

To fix CVE-2017-1473, it is recommended to update your IBM Security Access Manager Appliance to a version that does not use weaker cryptographic algorithms.

Vulnerability/
CVE-2017-1473

high

7.5

CWE

326

23/4/2018

16/9/2024

CVE-2017-1473: Weak Encryption

First published: Mon Apr 23 2018(Updated: )

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Security Access Manager For Web Firmware	=8.0.0
Ibm Security Access Manager For Web Firmware	=8.0.0.1
Ibm Security Access Manager For Web Firmware	=8.0.0.2
Ibm Security Access Manager For Web Firmware	=8.0.0.3
Ibm Security Access Manager For Web Firmware	=8.0.0.4
Ibm Security Access Manager For Web Firmware	=8.0.0.5
Ibm Security Access Manager For Web Firmware	=8.0.1
Ibm Security Access Manager For Web Firmware	=8.0.1.2
Ibm Security Access Manager For Web Firmware	=8.0.1.3
Ibm Security Access Manager For Web Firmware	=8.0.1.4
Ibm Security Access Manager For Web Firmware	=8.0.1.5
Ibm Security Access Manager For Web Firmware	=8.0.1.6
Ibm Security Access Manager For Web Appliance
IBM Security Access Manager for Mobile	=8.0.0
IBM Security Access Manager for Mobile	=8.0.0.1
IBM Security Access Manager for Mobile	=8.0.0.2
IBM Security Access Manager for Mobile	=8.0.0.3
IBM Security Access Manager for Mobile	=8.0.0.4
IBM Security Access Manager for Mobile	=8.0.0.5
IBM Security Access Manager for Mobile	=8.0.1
IBM Security Access Manager for Mobile	=8.0.1.2
IBM Security Access Manager for Mobile	=8.0.1.3
IBM Security Access Manager for Mobile	=8.0.1.4
IBM Security Access Manager for Mobile	=8.0.1.5
IBM Security Access Manager for Mobile	=8.0.1.6
Ibm Security Access Manager For Mobile Appliance
Ibm Security Access Manager Firmware	=9.0.0
Ibm Security Access Manager Firmware	=9.0.0.1
Ibm Security Access Manager Firmware	=9.0.1.0
Ibm Security Access Manager Firmware	=9.0.2.0
Ibm Security Access Manager Firmware	=9.0.2.1
Ibm Security Access Manager Firmware	=9.0.3
Ibm Security Access Manager Firmware	=9.0.3.1
IBM Security Access Manager Appliance

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-1473?
CVE-2017-1473 is a vulnerability in IBM Security Access Manager Appliance version 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 that uses weaker than expected cryptographic algorithms.
What is the severity of CVE-2017-1473?
The severity of CVE-2017-1473 is high with a CVSS score of 7.5.
How can I check if I am affected by CVE-2017-1473?
You can check if you are affected by CVE-2017-1473 by verifying your IBM Security Access Manager Appliance version. If you are using version 8.0.0 through 8.0.1.6 or 9.0.0 through 9.0.3.1, you may be affected.
What is the impact of CVE-2017-1473?
CVE-2017-1473 could allow an attacker to decrypt highly sensitive information.
How do I fix CVE-2017-1473?
To fix CVE-2017-1473, it is recommended to update your IBM Security Access Manager Appliance to a version that does not use weaker cryptographic algorithms.

collector/nvd-index
agent/severity
agent/references
agent/author
agent/description
agent/weakness
agent/type
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/ibm
canonical/ibm security access manager for web firmware
version/ibm security access manager for web firmware/8.0.0
version/ibm security access manager for web firmware/8.0.0.1
version/ibm security access manager for web firmware/8.0.0.2
version/ibm security access manager for web firmware/8.0.0.3
version/ibm security access manager for web firmware/8.0.0.4
version/ibm security access manager for web firmware/8.0.0.5
version/ibm security access manager for web firmware/8.0.1
version/ibm security access manager for web firmware/8.0.1.2
version/ibm security access manager for web firmware/8.0.1.3
version/ibm security access manager for web firmware/8.0.1.4
version/ibm security access manager for web firmware/8.0.1.5
version/ibm security access manager for web firmware/8.0.1.6
canonical/ibm security access manager for web appliance
canonical/ibm security access manager for mobile
version/ibm security access manager for mobile/8.0.0
version/ibm security access manager for mobile/8.0.0.1
version/ibm security access manager for mobile/8.0.0.2
version/ibm security access manager for mobile/8.0.0.3
version/ibm security access manager for mobile/8.0.0.4
version/ibm security access manager for mobile/8.0.0.5
version/ibm security access manager for mobile/8.0.1
version/ibm security access manager for mobile/8.0.1.2
version/ibm security access manager for mobile/8.0.1.3
version/ibm security access manager for mobile/8.0.1.4
version/ibm security access manager for mobile/8.0.1.5
version/ibm security access manager for mobile/8.0.1.6
canonical/ibm security access manager for mobile appliance
canonical/ibm security access manager firmware
version/ibm security access manager firmware/9.0.0
version/ibm security access manager firmware/9.0.0.1
version/ibm security access manager firmware/9.0.1.0
version/ibm security access manager firmware/9.0.2.0
version/ibm security access manager firmware/9.0.2.1
version/ibm security access manager firmware/9.0.3
version/ibm security access manager firmware/9.0.3.1
canonical/ibm security access manager appliance

CVE-2017-1473: Weak Encryption

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-1473?

What is the severity of CVE-2017-1473?

How can I check if I am affected by CVE-2017-1473?

What is the impact of CVE-2017-1473?

How do I fix CVE-2017-1473?

Company

Resources

Contact