CVE-2012-4862 - OpenCVE

The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Rational Developer For System Z

Configuration 1 [-]

OR	cpe:2.3:a:ibm:rational_developer_for_system_z:7.1:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.1:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.2:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.3:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.4:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.1.0:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.2:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3.1:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3.2:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3.3:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.5.0:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.5.0.1:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.5.1:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/51401
http://www.ibm.com/support/docview.wss?uid=swg21617886
http://www.securityfocus.com/bid/56725
http://www.securitytracker.com/id?1027818
https://exchange.xforce.ibmcloud.com/vulnerabilities/79919

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2012-12-05T11:00:00

Updated: 2024-08-06T20:50:17.494Z

Reserved: 2012-09-06T00:00:00

Link: CVE-2012-4862

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-12-05T11:57:14.977

Modified: 2017-08-29T01:32:24.150

Link: CVE-2012-4862

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-26T00:00:00", "descriptions": [{"lang": "en", "value": "The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "rdz-ssl-info-disclosure(79919)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79919"}, {"name": "1027818", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1027818"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21617886"}, {"name": "51401", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51401"}, {"name": "56725", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56725"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-4862", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "rdz-ssl-info-disclosure(79919)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79919"}, {"name": "1027818", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027818"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg21617886", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21617886"}, {"name": "51401", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51401"}, {"name": "56725", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56725"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:50:17.494Z"}, "title": "CVE Program Container", "references": [{"name": "rdz-ssl-info-disclosure(79919)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79919"}, {"name": "1027818", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1027818"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21617886"}, {"name": "51401", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51401"}, {"name": "56725", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/56725"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-4862", "datePublished": "2012-12-05T11:00:00", "dateReserved": "2012-09-06T00:00:00", "dateUpdated": "2024-08-06T20:50:17.494Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A610A08-6976-4BD3-BEA3-07E4BB6479EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE7F88A-82CB-497B-9BF0-20FC6CC53A33", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0913793-B201-4A51-8F7C-09ABA999A47A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D4214C71-0E56-46FF-829A-3938BAD9DC2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CDAF6553-5CDF-460F-ADC5-7AE2FFA4320A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5EE886B1-B143-4499-94BC-189AD7B503E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99ED2BD-F3C8-44E0-B95D-ADB5BC628066", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3BD37E87-18CC-4ACB-BE92-8D063CEA2A35", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9607BF1B-8EFC-419D-84B2-537EA4B480D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EEB98DA3-866B-4EFD-BBFF-E656BFE2D839", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "5C9F5302-926D-455B-9E04-8754687D4C5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B65DE782-FE3A-408E-A486-5B33280B6F2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "095A59BB-9C5D-40D0-A57F-1162DBD858D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E4798A47-D1B0-4172-981B-5A0F3C393923", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors."}, {"lang": "es", "value": "El emulador Host Connect en IBM Rational Developer para System z v7.1 hasta v8.5.1 no almacena correctamente la contrase\u00f1a del certificado SSL, permitiendo a usuarios locales obtener informaci\u00f3n sensible mediante vectores no especificados."}], "id": "CVE-2012-4862", "lastModified": "2017-08-29T01:32:24.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-05T11:57:14.977", "references": [{"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/51401"}, {"source": "psirt@us.ibm.com", "url": "http://www.ibm.com/support/docview.wss?uid=swg21617886"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/56725"}, {"source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id?1027818"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79919"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}