CVE-2012-5756

Name of the Vulnerable Software and Affected Versions IBM WebSphere DataPower XC10 Appliance versions 2.0.0.0 through 2.0.0.3 IBM WebSphere DataPower XC10 Appliance versions 2.1.0.0 through 2.1.0.2

Description The issue allows remote attackers to spoof a container server by either sniffing the network to locate a cleartext transmission of the shared secret key or leveraging knowledge of this key from another installation, when a collective configuration is enabled.

Recommendations For versions 2.0.0.0 through 2.0.0.3, consider disabling the collective configuration to minimize the risk of exploitation until a fix is available. For versions 2.1.0.0 through 2.1.0.2, consider disabling the collective configuration to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.