Lucene search
HistoryMar 06, 2014 - 11:55 a.m.
CVE-2014-0890
ibm
sametime
connect client
cve-2014-0890
security vulnerability
password logging
nvd
local users
sensitive information
5.6 Medium
AI Score
Confidence
Low
1.9 Low
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file.
Affected configurations
Node
ibmsametimeMatch8.5.1.0
ORibmsametimeMatch8.5.1.1
ORibmsametimeMatch8.5.1.2
ORibmsametimeMatch8.5.2.0
ORibmsametimeMatch8.5.2.1
ORibmsametimeMatch9.0.0.0
ORibmsametimeMatch9.0.0.1
Related
cvelist
cvelist
CVE-2014-0890
2014-03-06 11:00:00
nvd
nvd
CVE-2014-0890
2014-03-06 11:55:05
prion
prion
Information disclosure
2014-03-06 11:55:00
seebug
seebug
IBM Sametime Connect信息泄露漏洞(CVE-2014-0890)
2014-03-05 00:00:00
IBM Sametime Connect日志信息泄漏漏洞
2014-03-07 00:00:00
nessus
nessus
IBM Lotus Sametime Connect Audio / Video Chat Information Disclosure
2014-03-07 00:00:00
5.6 Medium
AI Score
Confidence
Low
1.9 Low
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%
Related for CVE-2014-0890