Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveIbmCVE-2014-0890
HistoryMar 06, 2014 - 11:55 a.m.

CVE-2014-0890

2014-03-0611:55:05
CWE-255
ibm
web.nvd.nist.gov
29
ibm
sametime
connect client
cve-2014-0890
security vulnerability
password logging
nvd
local users
sensitive information

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.6

Confidence

Low

EPSS

0

Percentile

5.1%

JSON

The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file.

Affected configurations

Nvd
Node
ibmsametimeMatch8.5.1.0
OR
ibmsametimeMatch8.5.1.1
OR
ibmsametimeMatch8.5.1.2
OR
ibmsametimeMatch8.5.2.0
OR
ibmsametimeMatch8.5.2.1
OR
ibmsametimeMatch9.0.0.0
OR
ibmsametimeMatch9.0.0.1
VendorProductVersionCPE
ibmsametime8.5.1.0cpe:2.3:a:ibm:sametime:8.5.1.0:*:*:*:*:*:*:*
ibmsametime8.5.1.1cpe:2.3:a:ibm:sametime:8.5.1.1:*:*:*:*:*:*:*
ibmsametime8.5.1.2cpe:2.3:a:ibm:sametime:8.5.1.2:*:*:*:*:*:*:*
ibmsametime8.5.2.0cpe:2.3:a:ibm:sametime:8.5.2.0:*:*:*:*:*:*:*
ibmsametime8.5.2.1cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*
ibmsametime9.0.0.0cpe:2.3:a:ibm:sametime:9.0.0.0:*:*:*:*:*:*:*
ibmsametime9.0.0.1cpe:2.3:a:ibm:sametime:9.0.0.1:*:*:*:*:*:*:*

Related

cvelist 1
nvd 1
seebug 2
nessus 1
prion 1
cvelist
cvelist
CVE-2014-0890
2014-03-06 11:00:00
nvd
nvd
CVE-2014-0890
2014-03-06 11:55:05
seebug
seebug
IBM Sametime Connect日志信息泄漏漏洞
2014-03-07 00:00:00
IBM Sametime Connect信息泄露漏洞(CVE-2014-0890)
2014-03-05 00:00:00
nessus
nessus
IBM Lotus Sametime Connect Audio / Video Chat Information Disclosure
2014-03-07 00:00:00
prion
prion
Information disclosure
2014-03-06 11:55:00

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.6

Confidence

Low

EPSS

0

Percentile

5.1%

JSON
Related for CVE-2014-0890
cvelist1nvd1seebug2nessus1prion1