CVE-2014-3089
Severity Score
4.9
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.
La libraría RDS Java Client en IBM Rational Directory Server (RDS) 5.1.1.x anterior a 5.1.1.2 iFix004 y 5.2.x anterior a 5.2.1 iFix003, y Rational Directory Administrator (RDA) 6.0 anterior a iFix002, incluye la contraseña root en texto plano lo permite a usuarios locales obtener información sensible mediante la lectura de un fichero de la libraría.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-04-29 CVE Reserved
- 2014-08-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/69300 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94255 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21681554 | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Rational Directory Administrator Search vendor "Ibm" for product "Rational Directory Administrator" | 6.0 Search vendor "Ibm" for product "Rational Directory Administrator" and version "6.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Rational Directory Administrator Search vendor "Ibm" for product "Rational Directory Administrator" | 6.0.0.1 Search vendor "Ibm" for product "Rational Directory Administrator" and version "6.0.0.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Rational Directory Server Search vendor "Ibm" for product "Rational Directory Server" | 5.1.1 Search vendor "Ibm" for product "Rational Directory Server" and version "5.1.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Rational Directory Server Search vendor "Ibm" for product "Rational Directory Server" | 5.1.1.1 Search vendor "Ibm" for product "Rational Directory Server" and version "5.1.1.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Rational Directory Server Search vendor "Ibm" for product "Rational Directory Server" | 5.1.1.2 Search vendor "Ibm" for product "Rational Directory Server" and version "5.1.1.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Rational Directory Server Search vendor "Ibm" for product "Rational Directory Server" | 5.2 Search vendor "Ibm" for product "Rational Directory Server" and version "5.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Rational Directory Server Search vendor "Ibm" for product "Rational Directory Server" | 5.2.0.1 Search vendor "Ibm" for product "Rational Directory Server" and version "5.2.0.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Rational Directory Server Search vendor "Ibm" for product "Rational Directory Server" | 5.2.0.2 Search vendor "Ibm" for product "Rational Directory Server" and version "5.2.0.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Rational Directory Server Search vendor "Ibm" for product "Rational Directory Server" | 5.2.1 Search vendor "Ibm" for product "Rational Directory Server" and version "5.2.1" | - |
Affected
| ||||||