| Vulnerability Name: | CVE-2012-4832 (CCN-78906) | ||||||||
| Assigned: | 2012-09-06 | ||||||||
| Published: | 2013-01-11 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. Per: http://www-01.ibm.com/support/docview.wss?uid=swg21623501 "CVSS Base Score: 1.9 / CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N)" | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N) 1.4 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-4832 Source: CCN Type: IBM Security Bulletin 1623501 Multiple security vulnerabilities in the IBM InfoSphere Information Server Suite Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21623501 Source: XF Type: UNKNOWN ibm-iis-loginpage-password-disclosure(78906) Source: XF Type: UNKNOWN ibm-iis-loginpage-password-disclosure(78906) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||