Vulnerability Details CVE-2014-3089
The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 15.3%
CVSS Severity
CVSS v2 Score 4.9
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21681554
- http://www.securityfocus.com/bid/69300
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94255
- http://www-01.ibm.com/support/docview.wss?uid=swg21681554
- http://www.securityfocus.com/bid/69300
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94255
Products affected by CVE-2014-3089
-
cpe:2.3:a:ibm:rational_directory_administrator:6.0
-
cpe:2.3:a:ibm:rational_directory_administrator:6.0.0.1
-
cpe:2.3:a:ibm:rational_directory_server:5.1.1
-
cpe:2.3:a:ibm:rational_directory_server:5.1.1.1
-
cpe:2.3:a:ibm:rational_directory_server:5.1.1.2
-
cpe:2.3:a:ibm:rational_directory_server:5.2
-
cpe:2.3:a:ibm:rational_directory_server:5.2.0.1
-
cpe:2.3:a:ibm:rational_directory_server:5.2.0.2
-
cpe:2.3:a:ibm:rational_directory_server:5.2.1