Lucene search

[email protected]CVE-2012-0742

HistoryApr 09, 2012 - 8:55 p.m.

CVE-2012-0742

2012-04-0920:55:02

CWE-200

[email protected]

web.nvd.nist.gov

ibm

tivoli

event pump

4.2.2

credentials

exposure

cve-2012-0742

nvd

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data.

Affected configurations

NVD

Node

ibmtivoli_event_pumpMatch4.2.2

VendorProductVersionCPE
ibmtivoli_event_pump4.2.2cpe:/a:ibm:tivoli_event_pump:4.2.2:::

Vendor	Product	Version	CPE
ibm	tivoli_event_pump	4.2.2	cpe:/a:ibm:tivoli_event_pump:4.2.2:::

References

www-01.ibm.com/support/docview.wss?uid=swg1OA38586

exchange.xforce.ibmcloud.com/vulnerabilities/74641

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2012-0742

nvd1 cvelist1 prion1