CVE-2012-0700

The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21623501	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/73266

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:infosphere_fasttrack:8.1:::::::*
	cpe:2.3:a:ibm:infosphere_fasttrack:8.1.1:::::::*
	cpe:2.3:a:ibm:infosphere_fasttrack:8.1.2:::::::*
	cpe:2.3:a:ibm:infosphere_fasttrack:8.5:::::::*
	cpe:2.3:a:ibm:infosphere_fasttrack:8.7:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.7:::::::*

History

No history.

Information

Published : 2013-01-31 12:06

Updated : 2017-08-29 01:31

NVD link : CVE-2012-0700

Mitre link : CVE-2012-0700

CVE.ORG link : CVE-2012-0700

JSON object : View

Products Affected

ibm

infosphere_information_server
infosphere_fasttrack

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2012-0700", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-01-31T12:06:17.800", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73266", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors."}, {"lang": "es", "value": "El cliente en InfoSphere FastTrack v8.1 hasta v8.7 en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y v8.7 no almacena correctamente las credenciales, lo que permite a usuarios locales eludir las restricciones de acceso mediante vectores no especificados."}], "lastModified": "2017-08-29T01:31:00.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_fasttrack:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "680297B4-249B-4238-8B51-529531400D27"}, {"criteria": "cpe:2.3:a:ibm:infosphere_fasttrack:8.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBF5850C-3957-43A4-956A-CB6C7D6580CF"}, {"criteria": "cpe:2.3:a:ibm:infosphere_fasttrack:8.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88A78107-0E06-453F-9D94-B68D798D456F"}, {"criteria": "cpe:2.3:a:ibm:infosphere_fasttrack:8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21F6D927-FCD5-45D2-912F-AD2AE8216678"}, {"criteria": "cpe:2.3:a:ibm:infosphere_fasttrack:8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "431DE583-94D0-4E42-B74F-A26990D3251A"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "317FAE67-76E2-4084-9393-8A02D255BAF5"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA7096B4-291F-49BB-8DBC-E67AC901CF08"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D547E88D-FE3F-4C90-B7D8-301A1449E9AB"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5585D2C4-6575-4469-A6EF-CCDC3A0BEDB2"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42A9CF5C-79EC-4BBF-92AF-2AB3DC125684"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}