CVE-2014-0842

The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21665005	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/90706

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:rational_focal_point:6.4:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.4.0.1:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.4.1.0:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.4.1.1:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.4.1.2:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.4.1.3:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.0.1:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.0.2:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.1:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.1.1:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.2:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.2.1:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.2.2:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.5.2.3:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.6:::::::*
	cpe:2.3:a:ibm:rational_focal_point:6.6.0.1:::::::*

History

No history.

Information

Published : 2014-02-26 01:29

Updated : 2024-02-04 18:35

NVD link : CVE-2014-0842

Mitre link : CVE-2014-0842

CVE.ORG link : CVE-2014-0842

JSON object : View

Products Affected

ibm

rational_focal_point

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2014-0842", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-26T01:29:36.717", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665005", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90706", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code."}, {"lang": "es", "value": "La funcionalidad account-creation en IBM Rational Focal Point 6.4.x y 6.5.x anterior a 6.5.2.3 y 6.6.x anterior a 6.6.1 coloca la contrase\u00f1a nueva por defecto del usuario dentro de la p\u00e1gina de creaci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante la lectura del c\u00f3digo fuente HTML."}], "lastModified": "2017-08-29T01:34:16.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46577E1B-77E6-4FE6-8B1F-F2A61FB0C15F"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30870B43-5757-43FC-BB10-DC0FD6996DFE"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44678DC6-2D43-412D-89E0-F92B89BE1FD5"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "253B6795-4B4B-4CD0-97EB-ACD1587C497A"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7A94966-DD5E-490F-BDEE-2AEA9EECBFA5"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B52DB62D-5D12-4AE4-8A14-EA2782A92CA2"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55D71481-7552-4BE7-9BD0-C45BC5AAC3D2"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12B184B3-679B-4F27-9168-142090F99333"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1C89D96-8E49-4B4D-8D63-C240F5E9B439"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BF5FBBF-750D-49FF-97E8-91E9D29D53DA"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08F0C674-068D-43F9-BADE-0707008FF47F"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD4F5963-909C-404E-AF58-885DBBC78FB2"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F7B0657-4C0D-4CE7-8AB9-996EFF1DE4E2"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C3CD52F-48BB-49AD-BF77-DC5762051950"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A872F738-296B-443F-B6E1-5B8200A05270"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDD57F9E-5569-4F38-8C1B-BF033498639E"}, {"criteria": "cpe:2.3:a:ibm:rational_focal_point:6.6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "794382A6-042F-4036-B7DA-702135B1BE51"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}