CVE-2014-6123 - OpenCVE

IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Rational Appscan Source Security Appscan Source

Configuration 1 [-]

OR	cpe:2.3:a:ibm:rational_appscan_source:8.0.0.0:::::::*
	cpe:2.3:a:ibm:rational_appscan_source:8.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_appscan_source:8.0.0.2:::::::*
	cpe:2.3:a:ibm:rational_appscan_source:8.5.0.0:::::::*
	cpe:2.3:a:ibm:rational_appscan_source:8.5.0.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:ibm:security_appscan_source:8.6.0.0:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.6.0.1:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.6.0.2:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.7.0.0:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.7.0.1:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.8:::::::*
	cpe:2.3:a:ibm:security_appscan_source:9.0:::::::*
	cpe:2.3:a:ibm:security_appscan_source:9.0.0.0:::::::*
	cpe:2.3:a:ibm:security_appscan_source:9.0.1:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21692999
https://exchange.xforce.ibmcloud.com/vulnerabilities/96724

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-12-29T02:00:00

Updated: 2024-08-06T12:10:11.782Z

Reserved: 2014-09-02T00:00:00

Link: CVE-2014-6123

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-12-29T02:59:00.050

Modified: 2017-09-08T01:29:09.387

Link: CVE-2014-6123

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-16T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692999"}, {"name": "ibm-appscan-cve20146123-logs(96724)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96724"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6123", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692999", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692999"}, {"name": "ibm-appscan-cve20146123-logs(96724)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96724"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:10:11.782Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692999"}, {"name": "ibm-appscan-cve20146123-logs(96724)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96724"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6123", "datePublished": "2014-12-29T02:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:10:11.782Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_appscan_source:8.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "733A304C-3BF9-4B80-A870-7165919CE19F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan_source:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBD5AF6C-B52F-4410-95CC-9B0BAEDA941E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan_source:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "00754250-A540-494B-B10F-57C67D179411", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan_source:8.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4201B2D-D338-4FC0-BB98-6980B37DCA1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan_source:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9D3DEE26-0A07-4AF7-815D-CFCD9B22A043", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "640A76CD-7A8C-4961-B07A-EC89F7CFCDBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01378605-9438-4967-82CD-1849FADD3C60", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0650525D-E729-4354-A882-7A30D366D629", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B7AF5D9-1133-4B13-88F5-3236A749974C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1D7784D-5DAA-455F-84D1-E97F6BD2357E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "7E024F44-EC78-472F-B186-DF5E882D1217", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F890EA4-7122-4AD1-B0C2-1F6D8B67D021", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:9.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACCB614F-E5CC-4D1F-B7F8-D6B7221F0741", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0CDCE5EF-CD70-4B37-818F-226BDC458233", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs."}, {"lang": "es", "value": "IBM Rational AppScan Source 8.0 a trav\u00e9s de 8.0.0.2 y 8.5 a trav\u00e9s de 8.5.0.1 y Security AppScan Source 8.6 a trav\u00e9s de 8.6.0.2, 8.7 a trav\u00e9s de 8.7.0.1, 8.8, 9.0 a trav\u00e9s de 9.0.0.1, y 9.0.1 permite a usuarios locales obtener informaci\u00f3n sensible de credenciales leyendo logs de instalaci\u00f3n."}], "id": "CVE-2014-6123", "lastModified": "2017-09-08T01:29:09.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-29T02:59:00.050", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692999"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96724"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}