CVE-2014-4835

2015-01-1711:59:03

CWE-200

[email protected]

web.nvd.nist.gov

ibm

serverguide

uxspi

toolscenter suite

9.63

credentials

logs

sensitive information

local users

file reading

vulnerability

5.7 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file.

Affected configurations

NVD

Node

ibmserverguideRange≤9.60

ibmtoolscenter_suiteRange≤9.60

ibmupdatexpress_system_packs_installerRange≤9.60

CPENameOperatorVersion
ibm:serverguideibm serverguidele9.60
ibm:toolscenter_suiteibm toolscenter suitele9.60
ibm:updatexpress_system_packs_installeribm updatexpress system packs installerle9.60

CPE	Name	Operator	Version
ibm:serverguide	ibm serverguide	le	9.60
ibm:toolscenter_suite	ibm toolscenter suite	le	9.60
ibm:updatexpress_system_packs_installer	ibm updatexpress system packs installer	le	9.60