CVE-2008-4807

IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/32466	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27014008
http://www.securityfocus.com/bid/31989
https://exchange.xforce.ibmcloud.com/vulnerabilities/46213

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:lotus_connections::::::::
	cpe:2.3:a:ibm:lotus_connections:1.0.2:::::::*

History

No history.

Information

Published : 2008-10-31 18:09

Updated : 2024-02-28 11:21

NVD link : CVE-2008-4807

Mitre link : CVE-2008-4807

CVE.ORG link : CVE-2008-4807

JSON object : View

Products Affected

ibm

lotus_connections

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2008-4807", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-10-31T18:09:08.477", "references": [{"url": "http://secunia.com/advisories/32466", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014008", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31989", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46213", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "Lotus Connections 2.x anterior a v2.0.1 de IBM almacena la contrase\u00f1a para el usuario administrador en el archivo trace.log, lo que permite a usuarios locales obtner informaci\u00f3n sensible leyendo este archivo. NOTA: el origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido \u00fanicamente de informaci\u00f3n de terceros."}], "lastModified": "2017-08-08T01:32:56.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_connections:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73990A0F-86C8-495C-9356-9CE768F33112", "versionEndIncluding": "2.0"}, {"criteria": "cpe:2.3:a:ibm:lotus_connections:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E16C309-8D8D-42F1-8DAA-AD2D47D54113"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}