CVE-2012-2203

IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.

Published: Aug 8, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-2203
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
ibm / rational_directory_server	-	-
ibm / tivoli_directory_server	-	-
ibm / global_security_kit	-	8.0.13.x
ibm / global_security_kit	7.0.4.29	7.0.4.29.x
ibm / global_security_kit	7.0.4.28	7.0.4.28.x

http://secunia.com/advisories/51279
http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973
http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975
http://www-01.ibm.com/support/docview.wss?uid=swg21606145
http://www.securityfocus.com/bid/54743
https://exchange.xforce.ibmcloud.com/vulnerabilities/77280

Vulnerability Database

290,020

CVE-2012-2203