CVE-2016-0323

EUVD-2016-0358
The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
ibmbluemix
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21979682
http://www-01.ibm.com/support/docview.wss?uid=swg21979682