CVE-2014-0839

IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21665005	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/90696

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:rational_focal_point:6.4:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.4.0.1:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.4.1.0:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.4.1.1:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.4.1.2:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.4.1.3:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.0.1:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.0.2:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.1:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.1.1:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.2:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.2.1:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.2.2:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.2.3:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.6:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.6.0.1:::::::*

History

No history.

Information

Published : 2014-02-26 01:29

Updated : 2024-02-04 18:35

NVD link : CVE-2014-0839

Mitre link : CVE-2014-0839

CVE.ORG link : CVE-2014-0839

JSON object : View

Products Affected

ibm

rational_focal_point

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-0839", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-26T01:29:36.577", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665005", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90696", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference."}, {"lang": "es", "value": "IBM Rational Focal Point 6.4.x y 6.5.x anterior a 6.5.2.3 y 6.6.x anterior a 6.6.1 permite a usuarios remotos autenticados modificar datos a trav\u00e9s de vectores involucrando una referencia a un objeto directo."}], "lastModified": "2017-08-29T01:34:16.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46577E1B-77E6-4FE6-8B1F-F2A61FB0C15F"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30870B43-5757-43FC-BB10-DC0FD6996DFE"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44678DC6-2D43-412D-89E0-F92B89BE1FD5"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "253B6795-4B4B-4CD0-97EB-ACD1587C497A"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7A94966-DD5E-490F-BDEE-2AEA9EECBFA5"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B52DB62D-5D12-4AE4-8A14-EA2782A92CA2"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55D71481-7552-4BE7-9BD0-C45BC5AAC3D2"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12B184B3-679B-4F27-9168-142090F99333"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1C89D96-8E49-4B4D-8D63-C240F5E9B439"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BF5FBBF-750D-49FF-97E8-91E9D29D53DA"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08F0C674-068D-43F9-BADE-0707008FF47F"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD4F5963-909C-404E-AF58-885DBBC78FB2"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F7B0657-4C0D-4CE7-8AB9-996EFF1DE4E2"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C3CD52F-48BB-49AD-BF77-DC5762051950"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A872F738-296B-443F-B6E1-5B8200A05270"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDD57F9E-5569-4F38-8C1B-BF033498639E"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "794382A6-042F-4036-B7DA-702135B1BE51"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}