Lucene search

IbmCVE-2014-4835

HistoryJan 17, 2015 - 11:59 a.m.

CVE-2014-4835

2015-01-1711:59:03

CWE-200

ibm

web.nvd.nist.gov

ibm

serverguide

uxspi

toolscenter suite

9.63

credentials

logs

sensitive information

local users

file reading

vulnerability

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file.

Affected configurations

Nvd

Node

ibmserverguideRange≤9.60

ibmtoolscenter_suiteRange≤9.60

ibmupdatexpress_system_packs_installerRange≤9.60

VendorProductVersionCPE
ibmserverguide*cpe:2.3:a:ibm:serverguide:*:*:*:*:*:*:*:*
ibmtoolscenter_suite*cpe:2.3:a:ibm:toolscenter_suite:*:*:*:*:*:*:*:*
ibmupdatexpress_system_packs_installer*cpe:2.3:a:ibm:updatexpress_system_packs_installer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	serverguide	*	cpe:2.3:a:ibm:serverguide::::::::
ibm	toolscenter_suite	*	cpe:2.3:a:ibm:toolscenter_suite::::::::
ibm	updatexpress_system_packs_installer	*	cpe:2.3:a:ibm:updatexpress_system_packs_installer::::::::

References

www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096777

exchange.xforce.ibmcloud.com/vulnerabilities/95629

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-4835