CVE-2014-4835

IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096777	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95629

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:serverguide::::::::
	cpe:2.3:a:ibm:toolscenter_suite::::::::
	cpe:2.3:a:ibm:updatexpress_system_packs_installer::::::::

History

No history.

Information

Published : 2015-01-17 11:59

Updated : 2023-12-10 11:31

NVD link : CVE-2014-4835

Mitre link : CVE-2014-4835

CVE.ORG link : CVE-2014-4835

JSON object : View

Products Affected

ibm

toolscenter_suite
serverguide
updatexpress_system_packs_installer

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2014-4835", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-01-17T11:59:03.157", "references": [{"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096777", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95629", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file."}, {"lang": "es", "value": "IBM ServerGuide anterior a 9.63, UpdateXpress System Packs Installer (UXSPI) anterior a 9.63, y ToolsCenter Suite anterior a 9.63 colocan credenciales en registros, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un fichero."}], "lastModified": "2017-08-29T01:35:09.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:serverguide:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "806BF4AB-D601-458A-B510-B060C49C7D84", "versionEndIncluding": "9.60"}, {"criteria": "cpe:2.3:a:ibm:toolscenter_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC9B810A-0D65-43CE-A263-ADE4B22DD365", "versionEndIncluding": "9.60"}, {"criteria": "cpe:2.3:a:ibm:updatexpress_system_packs_installer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C050948-62B1-46DF-846B-B515BF858FB2", "versionEndIncluding": "9.60"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}