CVE-2016-0252

IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors.

CVSS v3 5.1 MEDIUM
CVSS v2.0 1.9 LOW

5.1^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 1.4 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21985641	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:control_center:6.0.0.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:ibm:sterling_control_center:5.4.0.0:::::::*
	cpe:2.3:a:ibm:sterling_control_center:5.4.0.1:::::::*
	cpe:2.3:a:ibm:sterling_control_center:5.4.1:::::::*
	cpe:2.3:a:ibm:sterling_control_center:5.4.1.0:::::::*
	cpe:2.3:a:ibm:sterling_control_center:5.4.2:::::::*
	cpe:2.3:a:ibm:sterling_control_center:5.4.2.0:::::::*

History

No history.

Information

Published : 2016-07-08 01:59

Updated : 2024-02-04 18:53

NVD link : CVE-2016-0252

Mitre link : CVE-2016-0252

CVE.ORG link : CVE-2016-0252

JSON object : View

Products Affected

ibm

control_center
sterling_control_center

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2016-0252", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.4}]}, "published": "2016-07-08T01:59:01.663", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985641", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors."}, {"lang": "es", "value": "IBM Control Center 6.x en versiones anteriores a 6.0.0.1 iFix06 y Sterling Control Center 5.4.x en versiones anteriores a 5.4.2.1 iFix09 permiten a usuarios locales descifrar la clave maestra a trav\u00e9s de vectores no especificados."}], "lastModified": "2016-07-08T15:31:26.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:control_center:6.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E25AFD79-FD16-41A5-8BB0-B85E02EE0CCE"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_control_center:5.4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "009662B8-A5FB-44AB-B2A1-2E7497C95BE6"}, {"criteria": "cpe:2.3:a:ibm:sterling_control_center:5.4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39B4F368-32E7-4C9E-B81A-874298F8C3E8"}, {"criteria": "cpe:2.3:a:ibm:sterling_control_center:5.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD97BBDA-EE72-46A9-8C06-97114654C967"}, {"criteria": "cpe:2.3:a:ibm:sterling_control_center:5.4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAD7B1C9-5CD3-4854-879C-EE0839E02E52"}, {"criteria": "cpe:2.3:a:ibm:sterling_control_center:5.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA2456E9-8F42-4765-956D-B2F09857BA6D"}, {"criteria": "cpe:2.3:a:ibm:sterling_control_center:5.4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8710F9BC-610B-48CB-9916-DD03F9025A5C"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}