CVE-2014-4788

2014-09-1010:55:08

CWE-255

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.004

Percentile

73.7%

JSON

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Affected configurations

Nvd

Node

ibminitiate_master_data_serviceMatch9.5

ibminitiate_master_data_serviceMatch9.7

ibminitiate_master_data_serviceMatch10.0

ibminitiate_master_data_serviceMatch10.1

VendorProductVersionCPE
ibminitiate_master_data_service9.5cpe:2.3:a:ibm:initiate_master_data_service:9.5:*:*:*:*:*:*:*
ibminitiate_master_data_service9.7cpe:2.3:a:ibm:initiate_master_data_service:9.7:*:*:*:*:*:*:*
ibminitiate_master_data_service10.0cpe:2.3:a:ibm:initiate_master_data_service:10.0:*:*:*:*:*:*:*
ibminitiate_master_data_service10.1cpe:2.3:a:ibm:initiate_master_data_service:10.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	initiate_master_data_service	9.5	cpe:2.3:a:ibm:initiate_master_data_service:9.5:::::::*
ibm	initiate_master_data_service	9.7	cpe:2.3:a:ibm:initiate_master_data_service:9.7:::::::*
ibm	initiate_master_data_service	10.0	cpe:2.3:a:ibm:initiate_master_data_service:10.0:::::::*
ibm	initiate_master_data_service	10.1	cpe:2.3:a:ibm:initiate_master_data_service:10.1:::::::*