Search criteria
4 vulnerabilities found for chec by toshiba
VAR-201506-0054
Vulnerability from variot - Updated: 2023-12-18 12:45CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access. Toshiba CHEC Is AES There is a problem where the common key is hard-coded. The encryption key is hard-coded (CWE-321) - CVE-2014-4875 Toshiba CHEC of CreateBossCredentials.jar Used for encryption AES There is a problem where the common key is hard-coded. bossinfo.pro An attacker with access to the file was hard-coded AES Using a common key, BOSS It is possible to decrypt encrypted information such as database authentication information. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.htmlBy an attacker with access to the product, BOSS The authentication information of the database may be obtained. Toshiba CHEC is a product of Toshiba Corporation. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0054",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "chec",
"scope": "eq",
"trust": 1.9,
"vendor": "toshiba",
"version": "6.7"
},
{
"model": "chec",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "6.6"
},
{
"model": "chec",
"scope": "eq",
"trust": 0.9,
"vendor": "toshiba",
"version": "6.6"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "toshiba commerce",
"version": null
},
{
"model": "chec",
"scope": "eq",
"trust": 0.8,
"vendor": "toshiba global commerce",
"version": "version 6.6"
},
{
"model": "chec",
"scope": "eq",
"trust": 0.8,
"vendor": "toshiba global commerce",
"version": "6.7"
},
{
"model": "chec",
"scope": null,
"trust": 0.6,
"vendor": "toshiba",
"version": null
},
{
"model": "chec build level",
"scope": "ne",
"trust": 0.3,
"vendor": "toshiba",
"version": "6.74329"
},
{
"model": "chec build level",
"scope": "ne",
"trust": 0.3,
"vendor": "toshiba",
"version": "6.64014"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#301788"
},
{
"db": "CNVD",
"id": "CNVD-2015-03887"
},
{
"db": "BID",
"id": "75055"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002960"
},
{
"db": "NVD",
"id": "CVE-2014-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-217"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:toshiba:chec:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:toshiba:chec:6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4875"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Odell",
"sources": [
{
"db": "BID",
"id": "75055"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-217"
}
],
"trust": 0.9
},
"cve": "CVE-2014-4875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 5.0,
"collateralDamagePotential": "LOW-MEDIUM",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "MEDIUM",
"enviromentalScore": 4.5,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2014-4875",
"impactScore": 2.9,
"integrityImpact": "NONE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "UNCORROBORATED",
"severity": "MEDIUM",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-4875",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-03887",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-4875",
"trust": 2.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-03887",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-217",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#301788"
},
{
"db": "CNVD",
"id": "CNVD-2015-03887"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002960"
},
{
"db": "NVD",
"id": "CVE-2014-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-217"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access. Toshiba CHEC Is AES There is a problem where the common key is hard-coded. The encryption key is hard-coded (CWE-321) - CVE-2014-4875 Toshiba CHEC of CreateBossCredentials.jar Used for encryption AES There is a problem where the common key is hard-coded. bossinfo.pro An attacker with access to the file was hard-coded AES Using a common key, BOSS It is possible to decrypt encrypted information such as database authentication information. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.htmlBy an attacker with access to the product, BOSS The authentication information of the database may be obtained. Toshiba CHEC is a product of Toshiba Corporation. \nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4875"
},
{
"db": "CERT/CC",
"id": "VU#301788"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002960"
},
{
"db": "CNVD",
"id": "CNVD-2015-03887"
},
{
"db": "BID",
"id": "75055"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4875",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#301788",
"trust": 4.1
},
{
"db": "BID",
"id": "75055",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU91309683",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002960",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-03887",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201506-217",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#301788"
},
{
"db": "CNVD",
"id": "CNVD-2015-03887"
},
{
"db": "BID",
"id": "75055"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002960"
},
{
"db": "NVD",
"id": "CVE-2014-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-217"
}
]
},
"id": "VAR-201506-0054",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03887"
}
],
"trust": 1.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03887"
}
]
},
"last_update_date": "2023-12-18T12:45:05.129000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Toshiba Global Commerce Solutions Self Checkout System 6",
"trust": 0.8,
"url": "http://www-03.ibm.com/products/retail/products/self/sco6/specs.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.toshibacommerce.com"
},
{
"title": "Toshiba CHEC built-in patch for encryption key information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/59823"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03887"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002960"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
},
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002960"
},
{
"db": "NVD",
"id": "CVE-2014-4875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/301788"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/jlad-9x4spn"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/75055"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4875"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91309683/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4875"
},
{
"trust": 0.3,
"url": "http://www.toshiba.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#301788"
},
{
"db": "CNVD",
"id": "CNVD-2015-03887"
},
{
"db": "BID",
"id": "75055"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002960"
},
{
"db": "NVD",
"id": "CVE-2014-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-217"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#301788"
},
{
"db": "CNVD",
"id": "CNVD-2015-03887"
},
{
"db": "BID",
"id": "75055"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002960"
},
{
"db": "NVD",
"id": "CVE-2014-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-217"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-08T00:00:00",
"db": "CERT/CC",
"id": "VU#301788"
},
{
"date": "2015-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03887"
},
{
"date": "2015-06-08T00:00:00",
"db": "BID",
"id": "75055"
},
{
"date": "2015-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002960"
},
{
"date": "2015-06-24T10:59:00.120000",
"db": "NVD",
"id": "CVE-2014-4875"
},
{
"date": "2015-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-217"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-08T00:00:00",
"db": "CERT/CC",
"id": "VU#301788"
},
{
"date": "2015-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03887"
},
{
"date": "2015-06-08T00:00:00",
"db": "BID",
"id": "75055"
},
{
"date": "2015-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002960"
},
{
"date": "2015-06-24T18:52:44.123000",
"db": "NVD",
"id": "CVE-2014-4875"
},
{
"date": "2015-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-217"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-217"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshiba CHEC Hardcoded Cryptographic Key Information Disclosure Vulnerability",
"sources": [
{
"db": "BID",
"id": "75055"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-217"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-217"
}
],
"trust": 0.6
}
}
FKIE_CVE-2014-4875
Vulnerability from fkie_nvd - Published: 2015-06-24 10:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/301788 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/JLAD-9X4SPN | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/301788 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/JLAD-9X4SPN | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:toshiba:chec:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68CD53DD-C78B-405D-A6B9-F84C27573542",
"versionEndIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:chec:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "064E170A-48B7-496F-9C6D-A532A83C4B8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access."
},
{
"lang": "es",
"value": "CreateBossCredentials.jar en Toshiba CHEC anterior a 6.6 build 4014 y 6.7 anterior a build 4329 contiene una clave AES embebida, lo que permite a atacantes descubrir las credenciales de la base de datos Back Office System Server (BOSS) DB2 mediante el aprovechamiento de conocimiento de esta clave en conjunto con el acceso de lectura a bossinfo.pro."
}
],
"id": "CVE-2014-4875",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-24T10:59:00.120",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/301788"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/301788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-4875 (GCVE-0-2014-4875)
Vulnerability from cvelistv5 – Published: 2015-06-24 10:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#301788",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/301788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-24T05:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#301788",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/301788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#301788",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/301788"
},
{
"name": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-4875",
"datePublished": "2015-06-24T10:00:00",
"dateReserved": "2014-07-10T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4875 (GCVE-0-2014-4875)
Vulnerability from nvd – Published: 2015-06-24 10:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#301788",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/301788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-24T05:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#301788",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/301788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#301788",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/301788"
},
{
"name": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-4875",
"datePublished": "2015-06-24T10:00:00",
"dateReserved": "2014-07-10T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}