CVE-2014-0646

The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2014-04/0191.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:rsa_access_manager:6.1:sp3::::::
	cpe:2.3:a:emc:rsa_access_manager:6.1:sp4::::::
	cpe:2.3:a:emc:rsa_access_manager:6.2:-::::::
	cpe:2.3:a:emc:rsa_access_manager:6.2:sp1::::::

History

No history.

Information

Published : 2014-05-01 17:29

Updated : 2024-02-28 12:20

NVD link : CVE-2014-0646

Mitre link : CVE-2014-0646

CVE.ORG link : CVE-2014-0646

JSON object : View

Products Affected

emc

rsa_access_manager

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2014-0646", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-01T17:29:56.697", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0191.html", "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files."}, {"lang": "es", "value": "El componente runtime WS en el servidor en EMC RSA Access Manager 6.1.3 anterior a 6.1.3.39, 6.1.4 anterior a 6.1.4.22, 6.2.0 anterior a 6.2.0.11 y 6.2.1 anterior a 6.2.1.03, cuando el registro INFO est\u00e1 habilitado, permite a usuarios locales descubrir contrase\u00f1as en texto plano mediante la lectura de archivos de registro."}], "lastModified": "2014-05-02T13:49:06.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_access_manager:6.1:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85D107C1-EBA6-4DD0-AAAC-2BA1ED6C4625"}, {"criteria": "cpe:2.3:a:emc:rsa_access_manager:6.1:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "245A27D5-4210-4085-B629-A2C7F2F209C1"}, {"criteria": "cpe:2.3:a:emc:rsa_access_manager:6.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73198FA0-127B-44FC-8908-EE8888CC7A76"}, {"criteria": "cpe:2.3:a:emc:rsa_access_manager:6.2:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "710517F1-6C8C-43D7-94CE-AD934075E766"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}