Lucene search
IBMDBA6B26369563B9C97038D6F6DEA70468586F91BF5D8E037E897BF5FDF58A24FHistoryNov 13, 2018 - 6:50 p.m.
Security Bulletin: Hard-coded credentials used in IBM dashDB Local (CVE-2016-8954)
2018-11-1318:50:01
www.ibm.com
6
0.004 Low
EPSS
Percentile
74.2%
Summary
Hard-code credentials in IBM dashDB Local might be exploited by an attacker.
Vulnerability Details
CVEID: CVE-2016-8954 DESCRIPTION: IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118842 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
IBM dashDB Local v1.0.0 - v1.3.1.
Remediation/Fixes
Update to IBM dashDB Local v1.4.0 or later. For the procedure, see http://www.ibm.com/support/knowledgecenter/SS6NHC/com.ibm.swg.im.dashdb.doc/admin/local_updating.html.
Workarounds and Mitigations
None.
Related
cve
cve
CVE-2016-8954
2017-02-08 22:59:00
cvelist
cvelist
CVE-2016-8954
2017-02-08 22:00:00
nvd
nvd
CVE-2016-8954
2017-02-08 22:59:00
prion
prion
Hardcoded credentials
2017-02-08 22:59:00
0.004 Low
EPSS
Percentile
74.2%
Related for DBA6B26369563B9C97038D6F6DEA70468586F91BF5D8E037E897BF5FDF58A24F