CVE-2014-4875

{"id": "CVE-2014-4875", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-06-24T10:59:00.120", "references": [{"url": "http://www.kb.cert.org/vuls/id/301788", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access."}, {"lang": "es", "value": "CreateBossCredentials.jar en Toshiba CHEC anterior a 6.6 build 4014 y 6.7 anterior a build 4329 contiene una clave AES embebida, lo que permite a atacantes descubrir las credenciales de la base de datos Back Office System Server (BOSS) DB2 mediante el aprovechamiento de conocimiento de esta clave en conjunto con el acceso de lectura a bossinfo.pro."}], "lastModified": "2015-06-24T18:52:44.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:toshiba:chec:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68CD53DD-C78B-405D-A6B9-F84C27573542", "versionEndIncluding": "6.6"}, {"criteria": "cpe:2.3:a:toshiba:chec:6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "064E170A-48B7-496F-9C6D-A532A83C4B8E"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}