CVE-2014-6134

IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.

CVSS v2.0 1.2 LOW

1.2^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 1.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21688450	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:installation_manager:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:ibm:rational_clearcase:8.0.0:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.0.12:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.0.13:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.1:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.1.5:::::::*
	cpe:2.3:a:ibm:rational_clearcase:8.0.1.6:::::::*

History

No history.

Information

Published : 2015-03-25 01:59

Updated : 2024-02-04 18:35

NVD link : CVE-2014-6134

Mitre link : CVE-2014-6134

CVE.ORG link : CVE-2014-6134

JSON object : View

Products Affected

ibm

rational_clearcase
installation_manager

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2014-6134", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-25T01:59:03.767", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688450", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account."}, {"lang": "es", "value": "IBM Rational ClearCase 8.0.0 anterior a 8.0.0.14 y 8.0.1 anterior a 8.0.1.7, cuando se utiliza Installation Manager anterior a 1.8.2, retiene las contrase\u00f1as del servidor en texto plano en la memoria de proceso durante todo el procedimiento de instalaci\u00f3n, lo que podr\u00eda permitir a usuarios locales obtener informaci\u00f3n sensible mediante el aprovechamiento del acceso a la cuenta de instalaci\u00f3n."}], "lastModified": "2015-03-25T20:47:58.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:installation_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CC55684-C384-4834-8D0E-E773271E9DF6", "versionEndIncluding": "1.8.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC77F840-B9AB-48F4-840E-C38F7E947399"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "305EE299-029D-4AEC-B738-4DB7F841E774"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C585B19A-3A0E-4D49-92EA-147A0389D77C"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFE9D77A-6462-461C-B651-FE2A8B239E0D"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFAA6B9C-96ED-4C76-9AEE-2285D29F6DB1"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "571A1E6F-05EC-43CC-9B31-39FEE3C2D173"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0260695E-777E-4A33-BF4E-ABC51D3AA77C"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85321EB9-969F-4A2F-9001-CD7B2988838B"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE71E5A6-D24E-4C54-8CFF-84DD4B88D9A7"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D5B1D4E-C744-4953-92C4-FFBD42319037"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "443B795B-F32F-449A-BB35-8538239BD5E1"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15872130-8ABE-4D3F-9D06-37C90666F3CF"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30D45D8C-4917-4F07-82E8-6FB909769897"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "169B3158-9039-40D9-B408-533D50448059"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6873B05A-D699-4337-AA66-5C414F8ED078"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F069484-AD4A-47D8-87F9-1BDB9801EC7C"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0CDDF5F-0CD8-4D7B-9BB4-80B8245EAE21"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68CE3BBC-7607-46C5-BF9A-871F55D437D3"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C59C974-2F5F-4F40-AAD1-09957758FF01"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F732B2D-6996-4D62-9D81-E1452E982A93"}, {"criteria": "cpe:2.3:a:ibm:rational_clearcase:8.0.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7118232D-D226-4856-80E1-1EC42DFFFFE9"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}