{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-24T00:00:00", "descriptions": [{"lang": "en", "value": "The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-09-07T18:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "92623", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92623"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-server-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6899", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "92623", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92623"}, {"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-server-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-server-en"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6899", "datePublished": "2016-09-07T19:00:00", "dateReserved": "2016-08-22T00:00:00", "dateUpdated": "2016-09-07T18:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:rh5885_v3_server_firmware:v100r003c01:*:*:*:*:*:*:*", "matchCriteriaId": "738BC343-71EE-4FDE-829A-4E528E222360", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:rh5885_v3_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "07B3E187-6185-4FE8-A0A2-DCD87903140B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:rh1288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "AE7DF842-021C-422A-BCE5-17BEE7FAA950", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:rh2288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "93439764-5BA1-49B0-B337-5C2C62C3A962", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:rh2288h_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "33CE73B9-21F6-4175-9C60-159F862B98B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:xh620_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "E5C5F600-30B6-4098-B0C5-E20A722957A9", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:xh622_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "91123A12-63C1-422F-86C5-C0A6E2C1E8C5", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:xh628_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "443F96DD-C3E8-4A8C-8FFC-D8E750DFDCB2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:rh1288_v3_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF7BCC07-7475-48F0-BF51-C86B8548AE62", "vulnerable": false}, {"criteria": "cpe:2.3:h:huawei:rh2288_v3_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "04129772-90A9-4FD1-935F-08EEF6D06A3B", "vulnerable": false}, {"criteria": "cpe:2.3:h:huawei:rh2288h_v3_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "20FCB034-2A59-406F-A7B7-0C098E360E17", "vulnerable": false}, {"criteria": "cpe:2.3:h:huawei:xh620_v3_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "51480E77-61B8-4F1B-8FAE-E4ADF3279999", "vulnerable": false}, {"criteria": "cpe:2.3:h:huawei:xh622_v3_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED6D095D-5546-44BE-A8FD-4C22EC297AF9", "vulnerable": false}, {"criteria": "cpe:2.3:h:huawei:xh628_v3_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AB59F25-E2C1-4017-8875-BE60C540F2B1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm."}, {"lang": "es", "value": "Intelligent Baseboard Management Controller (iBMC) en servidores Huawei RH1288 V3 con software anterior a V100R003C00SPC613, servidores RH2288 V3 con software anterior a V100R003C00SPC617, servidores RH2288H V3 con software anterior a V100R003C00SPC515, servidores RH5885 V3 con software anterior a V100R003C10SPC102 y XH620 V3, XH622 V3 y servidores XH628 V3 con software anterior a V100R003C00SPC610 podr\u00eda permitir a atacantes remotos descepcriptar datos encriptados y consecuentemente obtener informaci\u00f3n sensible, mediante el aprovechamiento de la selecci\u00f3n de un cifrado de algoritmo inseguro SSL."}], "id": "CVE-2016-6899", "lastModified": "2016-09-08T19:17:02.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-07T19:28:20.443", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-server-en"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92623"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}