CVE-2012-4832

{"id": "CVE-2012-4832", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-01-31T12:06:18.080", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78906", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78906", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."}, {"lang": "es", "value": "Information Services Framework (ISF) en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y 8.7 y InfoSphere Business Glossary v8.1.1 y v8.1.2 no tiene un atributo de no autocompletar el campo de contrase\u00f1a en la p\u00e1gina de inicio de sesi\u00f3n, lo que hace que sea m\u00e1s f\u00e1cil por atacantes remotos obtener acceso mediante el aprovechamiento de una estaci\u00f3n de trabajo sin vigilancia."}], "lastModified": "2024-11-21T01:43:34.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_business_glossary:8.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BE8D7B9-C7A0-4AC4-B70C-E1EB69827DA9"}, {"criteria": "cpe:2.3:a:ibm:infosphere_business_glossary:8.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D14BE62-362F-4386-A472-97D8B7013A3C"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "317FAE67-76E2-4084-9393-8A02D255BAF5"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA7096B4-291F-49BB-8DBC-E67AC901CF08"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D547E88D-FE3F-4C90-B7D8-301A1449E9AB"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5585D2C4-6575-4469-A6EF-CCDC3A0BEDB2"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42A9CF5C-79EC-4BBF-92AF-2AB3DC125684"}], "operator": "OR"}]}], "evaluatorImpact": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21623501\r\n\r\n\"CVSS Base Score: 1.9 / CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N)\"\r\n\r\n", "sourceIdentifier": "psirt@us.ibm.com"}