CVE-2012-4832

2013-01-3112:06:18

CWE-200

[email protected]

web.nvd.nist.gov

ibm

infosphere

isf

information server

vulnerability

nvd

security

remote attack

authentication

unattended workstation

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.4%

JSON

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Affected configurations

NVD

Node

ibminfosphere_business_glossaryMatch8.1.1

ibminfosphere_business_glossaryMatch8.1.2

ibminfosphere_information_serverMatch8.1

ibminfosphere_information_serverMatch8.5

ibminfosphere_information_serverMatch8.5.0.1

ibminfosphere_information_serverMatch8.5.0.2

ibminfosphere_information_serverMatch8.7

CPENameOperatorVersion
ibm:infosphere_business_glossaryibm infosphere business glossaryeq8.1.1
ibm:infosphere_business_glossaryibm infosphere business glossaryeq8.1.2
ibm:infosphere_information_serveribm infosphere information servereq8.1
ibm:infosphere_information_serveribm infosphere information servereq8.5
ibm:infosphere_information_serveribm infosphere information servereq8.5.0.1
ibm:infosphere_information_serveribm infosphere information servereq8.5.0.2
ibm:infosphere_information_serveribm infosphere information servereq8.7

CPE	Name	Operator	Version
ibm:infosphere_business_glossary	ibm infosphere business glossary	eq	8.1.1
ibm:infosphere_business_glossary	ibm infosphere business glossary	eq	8.1.2
ibm:infosphere_information_server	ibm infosphere information server	eq	8.1
ibm:infosphere_information_server	ibm infosphere information server	eq	8.5
ibm:infosphere_information_server	ibm infosphere information server	eq	8.5.0.1
ibm:infosphere_information_server	ibm infosphere information server	eq	8.5.0.2
ibm:infosphere_information_server	ibm infosphere information server	eq	8.7