Vulnerability Name: | CVE-2014-3089 (CCN-94255)
Assigned: | 2014-08-19
Published: | 2014-08-19
Updated: | 2017-08-29
Summary: | The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: | 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-310
Vulnerability Consequences: | Obtain Information
References: |
Source: MITRE Type: CNA CVE-2014-3089
Source: CCN Type: IBM Security Bulletin 1681554 Critical Security Vulnerability in Rational Directory Server (Tivoli and Apache) (CVE-2014-3089)
Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21681554
Source: CCN Type: IBM Security Bulletin 1681446 Critical Security Vulnerability in RDS Client library affecting Rational Change (CVE-2014-3089)
Source: CCN Type: IBM Security Bulletin 1681770 Critical Security Vulnerability in RDS Client library affecting Rational Synergy (CVE-2014-3089)
Source: BID Type: UNKNOWN 69300
Source: CCN Type: BID-69300 IBM Rational Directory Server CVE-2014-3089 Local Information Disclosure Vulnerability
Source: XF Type: UNKNOWN ibm-rds-cve20143089-info-disc(94255)
Source: XF Type: UNKNOWN ibm-rds-cve20143089-cleartext(94255)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable