Lucene search

IbmCVE-2014-0842

HistoryFeb 26, 2014 - 1:29 a.m.

CVE-2014-0842

2014-02-2601:29:36

CWE-255

ibm

web.nvd.nist.gov

ibm

rational

focal point

account creation

vulnerability

cve-2014-0842

nvd

html

source code

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

69.0%

JSON

The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user’s default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.

Affected configurations

Nvd

Node

ibmrational_focal_pointMatch6.4

ibmrational_focal_pointMatch6.4.0.1

ibmrational_focal_pointMatch6.4.1.0

ibmrational_focal_pointMatch6.4.1.1

ibmrational_focal_pointMatch6.4.1.2

ibmrational_focal_pointMatch6.4.1.3

ibmrational_focal_pointMatch6.5

ibmrational_focal_pointMatch6.5.0.1

ibmrational_focal_pointMatch6.5.0.2

ibmrational_focal_pointMatch6.5.1

ibmrational_focal_pointMatch6.5.1.1

ibmrational_focal_pointMatch6.5.2

ibmrational_focal_pointMatch6.5.2.1

ibmrational_focal_pointMatch6.5.2.2

ibmrational_focal_pointMatch6.5.2.3

ibmrational_focal_pointMatch6.6

ibmrational_focal_pointMatch6.6.0.1

VendorProductVersionCPE
ibmrational_focal_point6.4cpe:2.3:a:ibm:rational_focal_point:6.4:*:*:*:*:*:*:*
ibmrational_focal_point6.4.0.1cpe:2.3:a:ibm:rational_focal_point:6.4.0.1:*:*:*:*:*:*:*
ibmrational_focal_point6.4.1.0cpe:2.3:a:ibm:rational_focal_point:6.4.1.0:*:*:*:*:*:*:*
ibmrational_focal_point6.4.1.1cpe:2.3:a:ibm:rational_focal_point:6.4.1.1:*:*:*:*:*:*:*
ibmrational_focal_point6.4.1.2cpe:2.3:a:ibm:rational_focal_point:6.4.1.2:*:*:*:*:*:*:*
ibmrational_focal_point6.4.1.3cpe:2.3:a:ibm:rational_focal_point:6.4.1.3:*:*:*:*:*:*:*
ibmrational_focal_point6.5cpe:2.3:a:ibm:rational_focal_point:6.5:*:*:*:*:*:*:*
ibmrational_focal_point6.5.0.1cpe:2.3:a:ibm:rational_focal_point:6.5.0.1:*:*:*:*:*:*:*
ibmrational_focal_point6.5.0.2cpe:2.3:a:ibm:rational_focal_point:6.5.0.2:*:*:*:*:*:*:*
ibmrational_focal_point6.5.1cpe:2.3:a:ibm:rational_focal_point:6.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	rational_focal_point	6.4	cpe:2.3:a:ibm:rational_focal_point:6.4:::::::*
ibm	rational_focal_point	6.4.0.1	cpe:2.3:a:ibm:rational_focal_point:6.4.0.1:::::::*
ibm	rational_focal_point	6.4.1.0	cpe:2.3:a:ibm:rational_focal_point:6.4.1.0:::::::*
ibm	rational_focal_point	6.4.1.1	cpe:2.3:a:ibm:rational_focal_point:6.4.1.1:::::::*
ibm	rational_focal_point	6.4.1.2	cpe:2.3:a:ibm:rational_focal_point:6.4.1.2:::::::*
ibm	rational_focal_point	6.4.1.3	cpe:2.3:a:ibm:rational_focal_point:6.4.1.3:::::::*
ibm	rational_focal_point	6.5	cpe:2.3:a:ibm:rational_focal_point:6.5:::::::*
ibm	rational_focal_point	6.5.0.1	cpe:2.3:a:ibm:rational_focal_point:6.5.0.1:::::::*
ibm	rational_focal_point	6.5.0.2	cpe:2.3:a:ibm:rational_focal_point:6.5.0.2:::::::*
ibm	rational_focal_point	6.5.1	cpe:2.3:a:ibm:rational_focal_point:6.5.1:::::::*

Rows per page:

1-10 of 171

References

www-01.ibm.com/support/docview.wss?uid=swg21665005

exchange.xforce.ibmcloud.com/vulnerabilities/90706

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

69.0%

JSON

Related for CVE-2014-0842