CVE-2014-4875

CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
References
Link Resource
http://www.kb.cert.org/vuls/id/301788 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/JLAD-9X4SPN Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/301788 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/JLAD-9X4SPN Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:toshiba:chec:*:*:*:*:*:*:*:*
cpe:2.3:a:toshiba:chec:6.7:*:*:*:*:*:*:*

History

21 Nov 2024, 02:11

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/301788 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/301788 - Third Party Advisory, US Government Resource
References () http://www.kb.cert.org/vuls/id/JLAD-9X4SPN - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/JLAD-9X4SPN - Third Party Advisory, US Government Resource

Information

Published : 2015-06-24 10:59

Updated : 2024-11-21 02:11


NVD link : CVE-2014-4875

Mitre link : CVE-2014-4875

CVE.ORG link : CVE-2014-4875


JSON object : View

Products Affected

toshiba

  • chec
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-255

Credentials Management Errors