A security vulnerability impacts IBM Rational Directory Server (RDS) 5.2.x, 5.1.1.x and Rational Directory Administrator (RDA) 6.x Java Client library.
CVEID: CVE-2014-3089
Description: The RDS Java Client library carries the clear text password of the root user. A potential hacker with this password information could connect to RDS and could exploit the data of its consuming products.
CVSS Base Score: 2.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94255> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Product | Version |
---|---|
Rational Directory Server (Tivoli) | 5.2 - 5.2.1_iFix002 |
Rational Directory Server (Apache) | 5.1.1 - 5.1.1.2_iFix003 |
Rational Directory Administrator | 6.0 and 6.0.0.1 |
Apply the following fix for your release of RDS.
Product | Download link |
---|---|
IBM Rational Directory Server 5.2 (Tivoli) | RDS 5.2.1 iFix003 |
IBM Rational Directory Server 5.1.1 (Apache) | RDS 5.1.1.2 iFix004 |
IBM Rational Directory Administrator 6.0 or 6.0.0.1 | RDA 6.0 iFix002 |
Important Notes:
None