Lucene search

IbmCVE-2012-0700

HistoryJan 31, 2013 - 12:06 p.m.

CVE-2012-0700

2013-01-3112:06:17

CWE-255

ibm

web.nvd.nist.gov

infosphere

fasttrack

ibm

information server

cve-2012-0700

credential storage

access restrictions

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

JSON

The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.

Affected configurations

Nvd

Node

ibminfosphere_fasttrackMatch8.1

ibminfosphere_fasttrackMatch8.1.1

ibminfosphere_fasttrackMatch8.1.2

ibminfosphere_fasttrackMatch8.5

ibminfosphere_fasttrackMatch8.7

ibminfosphere_information_serverMatch8.1

ibminfosphere_information_serverMatch8.5

ibminfosphere_information_serverMatch8.5.0.1

ibminfosphere_information_serverMatch8.5.0.2

ibminfosphere_information_serverMatch8.7

VendorProductVersionCPE
ibminfosphere_fasttrack8.1cpe:2.3:a:ibm:infosphere_fasttrack:8.1:*:*:*:*:*:*:*
ibminfosphere_fasttrack8.1.1cpe:2.3:a:ibm:infosphere_fasttrack:8.1.1:*:*:*:*:*:*:*
ibminfosphere_fasttrack8.1.2cpe:2.3:a:ibm:infosphere_fasttrack:8.1.2:*:*:*:*:*:*:*
ibminfosphere_fasttrack8.5cpe:2.3:a:ibm:infosphere_fasttrack:8.5:*:*:*:*:*:*:*
ibminfosphere_fasttrack8.7cpe:2.3:a:ibm:infosphere_fasttrack:8.7:*:*:*:*:*:*:*
ibminfosphere_information_server8.1cpe:2.3:a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*
ibminfosphere_information_server8.5cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*
ibminfosphere_information_server8.5.0.1cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:*
ibminfosphere_information_server8.5.0.2cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:*
ibminfosphere_information_server8.7cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	infosphere_fasttrack	8.1	cpe:2.3:a:ibm:infosphere_fasttrack:8.1:::::::*
ibm	infosphere_fasttrack	8.1.1	cpe:2.3:a:ibm:infosphere_fasttrack:8.1.1:::::::*
ibm	infosphere_fasttrack	8.1.2	cpe:2.3:a:ibm:infosphere_fasttrack:8.1.2:::::::*
ibm	infosphere_fasttrack	8.5	cpe:2.3:a:ibm:infosphere_fasttrack:8.5:::::::*
ibm	infosphere_fasttrack	8.7	cpe:2.3:a:ibm:infosphere_fasttrack:8.7:::::::*
ibm	infosphere_information_server	8.1	cpe:2.3:a:ibm:infosphere_information_server:8.1:::::::*
ibm	infosphere_information_server	8.5	cpe:2.3:a:ibm:infosphere_information_server:8.5:::::::*
ibm	infosphere_information_server	8.5.0.1	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:::::::*
ibm	infosphere_information_server	8.5.0.2	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:::::::*
ibm	infosphere_information_server	8.7	cpe:2.3:a:ibm:infosphere_information_server:8.7:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21623501

exchange.xforce.ibmcloud.com/vulnerabilities/73266

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2012-0700