CVE-2014-3089

The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21681554	Vendor Advisory
http://www.securityfocus.com/bid/69300
https://exchange.xforce.ibmcloud.com/vulnerabilities/94255

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:rational_directory_server:5.2.1:::::::*
	cpe:2.3:a:ibm:rational_directory_server:5.2.0.2:::::::*
	cpe:2.3:a:ibm:rational_directory_server:5.1.1.1:::::::*
	cpe:2.3:a:ibm:rational_directory_server:5.1.1:::::::*
	cpe:2.3:a:ibm:rational_directory_server:5.1.1.2:::::::*
	cpe:2.3:a:ibm:rational_directory_administrator:6.0:::::::*
	cpe:2.3:a:ibm:rational_directory_administrator:6.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_directory_server:5.2.0.1:::::::*
	cpe:2.3:a:ibm:rational_directory_server:5.2:::::::*

Information

Published : 2014-08-21 18:55

Updated : 2017-08-28 18:34

NVD link : CVE-2014-3089

Mitre link : CVE-2014-3089

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

ibm

rational_directory_administrator
rational_directory_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681554", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681554", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/69300", "name": "69300", "tags": [], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94255", "name": "ibm-rds-cve20143089-cleartext(94255)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-3089", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-08-22T01:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:rational_directory_server:5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_directory_server:5.2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_directory_server:5.1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_directory_server:5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_directory_server:5.1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_directory_administrator:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_directory_administrator:6.0.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_directory_server:5.2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:rational_directory_server:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:34Z"}

4.9 /10