CVE-2014-3089

The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21681554	Vendor Advisory
http://www.securityfocus.com/bid/69300
https://exchange.xforce.ibmcloud.com/vulnerabilities/94255

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:rational_directory_administrator:6.0:::::::*
	cpe:2.3:a:ibm:rational_directory_administrator:6.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_directory_server:5.1.1:::::::*
	cpe:2.3:a:ibm:rational_directory_server:5.1.1.1:::::::*
	cpe:2.3:a:ibm:rational_directory_server:5.1.1.2:::::::*
	cpe:2.3:a:ibm:rational_directory_server:5.2:::::::*
	cpe:2.3:a:ibm:rational_directory_server:5.2.0.1:::::::*
	cpe:2.3:a:ibm:rational_directory_server:5.2.0.2:::::::*
	cpe:2.3:a:ibm:rational_directory_server:5.2.1:::::::*

History

No history.

Information

Published : 2014-08-22 01:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-3089

Mitre link : CVE-2014-3089

CVE.ORG link : CVE-2014-3089

JSON object : View

Products Affected

ibm

rational_directory_server
rational_directory_administrator

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2014-3089", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-22T01:55:08.230", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681554", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/69300", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94255", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file."}, {"lang": "es", "value": "La librar\u00eda RDS Java Client en IBM Rational Directory Server (RDS) 5.1.1.x anterior a 5.1.1.2 iFix004 y 5.2.x anterior a 5.2.1 iFix003, y Rational Directory Administrator (RDA) 6.0 anterior a iFix002, incluye la contrase\u00f1a root en texto plano lo permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un fichero de la librar\u00eda."}], "lastModified": "2017-08-29T01:34:38.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_directory_administrator:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3133BA9-2C59-498D-B86B-235F383D2CD7"}, {"criteria": "cpe:2.3:a:ibm:rational_directory_administrator:6.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EE3A640-291B-4D9A-9D36-A48D10965278"}, {"criteria": "cpe:2.3:a:ibm:rational_directory_server:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "863115B5-B43A-4926-957F-3D0518CB8E62"}, {"criteria": "cpe:2.3:a:ibm:rational_directory_server:5.1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "993B628A-3C52-461A-A507-A40BE4C823DA"}, {"criteria": "cpe:2.3:a:ibm:rational_directory_server:5.1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B666029A-3701-4E2B-BFF9-392AE50CED2B"}, {"criteria": "cpe:2.3:a:ibm:rational_directory_server:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3279036F-BE1A-44FD-AF4C-9C61A1F165D5"}, {"criteria": "cpe:2.3:a:ibm:rational_directory_server:5.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE5852C2-A255-427B-A27F-ED792DA8FB9E"}, {"criteria": "cpe:2.3:a:ibm:rational_directory_server:5.2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "950DD182-C8EE-45B8-A32E-213CFC26DCEC"}, {"criteria": "cpe:2.3:a:ibm:rational_directory_server:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE944B72-F1C2-48B3-82D8-FF21938B53B4"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}