CVE-2014-0646
Severity Score
6.9
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files.
El componente runtime WS en el servidor en EMC RSA Access Manager 6.1.3 anterior a 6.1.3.39, 6.1.4 anterior a 6.1.4.22, 6.2.0 anterior a 6.2.0.11 y 6.2.1 anterior a 6.2.1.03, cuando el registro INFO está habilitado, permite a usuarios locales descubrir contraseñas en texto plano mediante la lectura de archivos de registro.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-01-02 CVE Reserved
- 2014-05-01 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-04/0191.html | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Rsa Access Manager Search vendor "Emc" for product "Rsa Access Manager" | 6.1 Search vendor "Emc" for product "Rsa Access Manager" and version "6.1" | sp3 |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Access Manager Search vendor "Emc" for product "Rsa Access Manager" | 6.1 Search vendor "Emc" for product "Rsa Access Manager" and version "6.1" | sp4 |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Access Manager Search vendor "Emc" for product "Rsa Access Manager" | 6.2 Search vendor "Emc" for product "Rsa Access Manager" and version "6.2" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Access Manager Search vendor "Emc" for product "Rsa Access Manager" | 6.2 Search vendor "Emc" for product "Rsa Access Manager" and version "6.2" | sp1 |
Affected
| ||||||