IBM WebSphere DataPower XC10 Appliance Information Leakage Vulnerability

Release date:
Updated on:

Affected Systems:
IBM WebSphere DataPower XC10 V2.1.0.0-V2.1.0.2.
IBM WebSphere DataPower XC10 V2.0.0.0-V2.0.0.3.
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2012-5756

IBM WebSphere DataPower XC10 Appliance is designed as an plug-in flexible cache for your enterprise infrastructure. XC10 is a combination of the powerful WebSphere DataPower hardware platform and advanced IBM distributed cache technology.

The IBM WebSphere DataPower XC10 Appliance V2.0.0.0-V2.0.0.3 and V2.1.0.0-V2.1.0.2 are configured to use the server-to-server connection types that are protected with a shared XC10 key, and all XC10 uses this key internally only, if this key is disclosed, attackers may disguise it as an XC10 server device, causing sensitive information leakage.

<* Source: IBM (ncsupp@ca.ibm.com)

Link: http://secunia.com/advisories/51319/
Http: // 192.168.7.140/vul_2.php? Vul_id = 20504 # vul_affect
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

IBM
---
For this reason, IBM has released a Security Bulletin (swg21615783) and corresponding patches:

Swg21615783: Security Bulletin: Potential security exposures with IBM WebSphere DataPower XC10 Appliance (CVE-2012-5758, CVE-2012-5759, CVE 2012-5756)

Link: http: // 192.168.7.140/vul_2.php? Vul_id = 20504 # vul_affect

Patch download: http://www-01.ibm.com/support/docview.wss? Uid = swg24033740

WebSphere DataPower XC10 Appliance support Website: http://www-947.ibm.com/support/entry/portal/overview/software/websphere/websphere_datapower_xc10_appliance