CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/301788 | Third Party Advisory US Government Resource |
http://www.kb.cert.org/vuls/id/JLAD-9X4SPN | Third Party Advisory US Government Resource |
http://www.kb.cert.org/vuls/id/301788 | Third Party Advisory US Government Resource |
http://www.kb.cert.org/vuls/id/JLAD-9X4SPN | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.kb.cert.org/vuls/id/301788 - Third Party Advisory, US Government Resource | |
References | () http://www.kb.cert.org/vuls/id/JLAD-9X4SPN - Third Party Advisory, US Government Resource |
Information
Published : 2015-06-24 10:59
Updated : 2024-11-21 02:11
NVD link : CVE-2014-4875
Mitre link : CVE-2014-4875
CVE.ORG link : CVE-2014-4875
JSON object : View
Products Affected
toshiba
- chec