Lucene search

[email protected]CVE-2014-6146

HistoryNov 08, 2014 - 11:55 a.m.

CVE-2014-6146

2014-11-0811:55:02

CWE-200

[email protected]

web.nvd.nist.gov

ibm

sterling b2b integrator

cve-2014-6146

security vulnerability

log files

connect:direct server adapter

5.7 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files.

Affected configurations

NVD

Node

ibmsterling_b2b_integratorMatch5.2.1

ibmsterling_b2b_integratorMatch5.2.2

ibmsterling_b2b_integratorMatch5.2.4

CPENameOperatorVersion
ibm:sterling_b2b_integratoribm sterling b2b integratoreq5.2.1
ibm:sterling_b2b_integratoribm sterling b2b integratoreq5.2.2
ibm:sterling_b2b_integratoribm sterling b2b integratoreq5.2.4

CPE	Name	Operator	Version
ibm:sterling_b2b_integrator	ibm sterling b2b integrator	eq	5.2.1
ibm:sterling_b2b_integrator	ibm sterling b2b integrator	eq	5.2.2
ibm:sterling_b2b_integrator	ibm sterling b2b integrator	eq	5.2.4

References

secunia.com/advisories/62190

www-01.ibm.com/support/docview.wss?uid=swg1IT04337

www-01.ibm.com/support/docview.wss?uid=swg21689082

exchange.xforce.ibmcloud.com/vulnerabilities/96916

5.7 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2014-6146

cvelist1 nvd1 prion1