Lucene search
HistoryJun 24, 2015 - 10:59 a.m.
CVE-2014-4875
toshiba
chec
cve-2014-4875
hardcoded aes key
boss
db2
database
security vulnerability
6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
50.2%
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
Affected configurations
Node
toshibachecRange≤6.6
ORtoshibachecMatch6.7
| CPE | Name | Operator | Version |
|---|---|---|---|
| toshiba:chec | toshiba chec | le | 6.6 |
| toshiba:chec | toshiba chec | eq | 6.7 |
Related
nvd
nvd
CVE-2014-4875
2015-06-24 10:59:00
cert
cert
Toshiba CHEC contains a hard-coded cryptographic key
2015-06-08 00:00:00
cvelist
cvelist
CVE-2014-4875
2015-06-24 10:00:00
prion
prion
Hardcoded credentials
2015-06-24 10:59:00
6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
50.2%
Related for CVE-2014-4875