CVE-2014-4822

IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04023
http://www-01.ibm.com/support/docview.wss?uid=swg21686339	Vendor Advisory
http://secunia.com/advisories/59921
https://exchange.xforce.ibmcloud.com/vulnerabilities/95467

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_mq:8.0.0.0:::::::*
	cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.0:::::::*
	cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.1:::::::*
	cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.4:::::::*
	cpe:2.3:a:ibm:websphere_mq_explorer:8.0.0.0:::::::*
	cpe:2.3:a:ibm:websphere_mq_explorer:8.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.2:::::::*
	cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.3:::::::*

Information

Published : 2014-10-19 01:55

Updated : 2017-08-29 01:35

NVD link : CVE-2014-4822

Mitre link : CVE-2014-4822

JSON object : View

Products Affected

ibm

websphere_mq_explorer
websphere_mq

CWE

CWE-255

Credentials Management Errors

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04023", "name": "IT04023", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686339", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686339", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/59921", "name": "59921", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95467", "name": "ibm-webspheremq-cve20144822-java(95467)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-4822", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-10-19T01:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq_explorer:8.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq_explorer:8.0.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_mq_explorer:7.5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:35Z"}