All the vulnerabilities related to ibm - rational_directory_server
Vulnerability from fkie_nvd
Published
2014-08-22 01:55
Modified
2024-11-21 02:07
Severity ?
Summary
The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_directory_administrator | 6.0 | |
ibm | rational_directory_administrator | 6.0.0.1 | |
ibm | rational_directory_server | 5.1.1 | |
ibm | rational_directory_server | 5.1.1.1 | |
ibm | rational_directory_server | 5.1.1.2 | |
ibm | rational_directory_server | 5.2 | |
ibm | rational_directory_server | 5.2.0.1 | |
ibm | rational_directory_server | 5.2.0.2 | |
ibm | rational_directory_server | 5.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_directory_administrator:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A3133BA9-2C59-498D-B86B-235F383D2CD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_administrator:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0EE3A640-291B-4D9A-9D36-A48D10965278", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "863115B5-B43A-4926-957F-3D0518CB8E62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:5.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "993B628A-3C52-461A-A507-A40BE4C823DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:5.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B666029A-3701-4E2B-BFF9-392AE50CED2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3279036F-BE1A-44FD-AF4C-9C61A1F165D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:5.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BE5852C2-A255-427B-A27F-ED792DA8FB9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:5.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "950DD182-C8EE-45B8-A32E-213CFC26DCEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE944B72-F1C2-48B3-82D8-FF21938B53B4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file." 
}, { "lang": "es", "value": "La librar\u00eda RDS Java Client en IBM Rational Directory Server (RDS) 5.1.1.x anterior a 5.1.1.2 iFix004 y 5.2.x anterior a 5.2.1 iFix003, y Rational Directory Administrator (RDA) 6.0 anterior a iFix002, incluye la contrase\u00f1a root en texto plano lo permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un fichero de la librar\u00eda." } ], "id": "CVE-2014-3089", "lastModified": "2024-11-21T02:07:26.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-08-22T01:55:08.230", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681554" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/69300" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94255" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-05-28 16:55
Modified
2024-11-21 01:47
Severity ?
Summary
IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | rational_directory_server | * | <= 5.1.1.2 |
ibm | rational_directory_server | 5.1.1 | |
ibm | rational_directory_server | 5.1.1.1 | |
ibm | rational_directory_server | * | <= 5.2.1 |
ibm | rational_directory_server | 5.2 | |
ibm | rational_directory_server | 5.2.0.1 | |
ibm | rational_directory_server | 5.2.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "77ABEE3A-DD6B-41BE-846E-5091542A2678", "versionEndIncluding": "5.1.1.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "863115B5-B43A-4926-957F-3D0518CB8E62", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:5.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "993B628A-3C52-461A-A507-A40BE4C823DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8651CF37-495D-4CFD-BEA0-21400E549680", "versionEndIncluding": "5.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3279036F-BE1A-44FD-AF4C-9C61A1F165D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:5.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BE5852C2-A255-427B-A27F-ED792DA8FB9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:5.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "950DD182-C8EE-45B8-A32E-213CFC26DCEC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code." 
}, { "lang": "es", "value": "IBM Eclipse Help System (IEHS), tal como se utiliza en IBM Rational Directory Server v5.1.1 a trav\u00e9s de v5.1.1.2 y v5.2 a trav\u00e9s de v5.2.1 y de otros productos, permite a atacantes remotos obtener informaci\u00f3n sensible al establecer determinada ruta mediante un par\u00e1metro y luego leer la depuraci\u00f3n de informaci\u00f3n asociada con el c\u00f3digo de estado HTTP 500." } ], "id": "CVE-2013-0599", "lastModified": "2024-11-21T01:47:49.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-05-28T16:55:01.157", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637151" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/60107" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/60107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83613" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-08 10:26
Modified
2024-11-21 01:38
Severity ?
Summary
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | global_security_kit | * | <= 8.0.13 |
ibm | global_security_kit | 7.0.4.28 | |
ibm | global_security_kit | 7.0.4.29 | |
ibm | rational_directory_server | * | |
ibm | tivoli_directory_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:global_security_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDD46A9C-9DB2-4B61-BCEA-DC5AB03DCD7E", "versionEndIncluding": "8.0.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:global_security_kit:7.0.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "2FD561AD-2421-4AA6-B3C5-6536F6933526", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:global_security_kit:7.0.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "00E509BA-4B47-4EDE-86DC-2E666D2D74E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "0651DE7C-B8EB-4214-981B-561256C5473A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "871E249E-CB31-46A4-9E4F-274C6055C33A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate." 
}, { "lang": "es", "value": "IBM Global Security Kit (tambi\u00e9n conocido como GSKit) anterior a v8.0.14.22, como se utiliza en IBM Directory Server Rational de IBM Tivoli Directory Server y otros productos, utiliza el formato PKCS # 12 para los objetos de archivo de certificado, sin exigir la integridad del archivo, lo que hace m\u00e1s f\u00e1cil para a atacantes remotos falsificar servidores SSL a trav\u00e9s de vectores relacionados con la inserci\u00f3n de una arbitraria ra\u00edz de Autoridad de Certificaci\u00f3n (CA) de certificados" } ], "id": "CVE-2012-2203", "lastModified": "2024-11-21T01:38:41.937", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-08T10:26:18.813", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/51279" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/54743" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77280" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/51279" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77280" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-08 10:26
Modified
2024-11-21 01:38
Severity ?
Summary
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | global_security_kit | * | <= 8.0.13 |
ibm | global_security_kit | 7.0.4.28 | |
ibm | global_security_kit | 7.0.4.29 | |
ibm | rational_directory_server | * | |
ibm | tivoli_directory_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:global_security_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDD46A9C-9DB2-4B61-BCEA-DC5AB03DCD7E", "versionEndIncluding": "8.0.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:global_security_kit:7.0.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "2FD561AD-2421-4AA6-B3C5-6536F6933526", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:global_security_kit:7.0.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "00E509BA-4B47-4EDE-86DC-2E666D2D74E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:rational_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "0651DE7C-B8EB-4214-981B-561256C5473A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "871E249E-CB31-46A4-9E4F-274C6055C33A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333." }, { "lang": "es", "value": "IBM Global Security Kit (tambi\u00e9n conocido como GSKit) anterior a v8.0.14.22, cuando es usado en IBM Directory Server Rational de IBM Tivoli Directory Server y otros productos, no valida correctamente los datos durante la ejecuci\u00f3n de un mecanismo de protecci\u00f3n contra el ataque (Vaudenay SSL CBC timing), que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de valores manipulados de la capa de registro TLS, una vulnerabilidad diferente a CVE-2012-2333." 
} ], "id": "CVE-2012-2191", "lastModified": "2024-11-21T01:38:40.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-08T10:26:18.767", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/51279" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/54743" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/51279" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/75996" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2013-0599
Vulnerability from cvelistv5
Published
2013-05-28 16:00
Modified
2024-08-06 14:33
Severity ?
EPSS score ?
Summary
IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/60107 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/83613 | vdb-entry, x_refsource_XF | |
http://www-01.ibm.com/support/docview.wss?uid=swg21637151 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:33:05.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "60107", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/60107" }, { "name": "ibm-iehs-cve20130599-info-disclosure(83613)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83613" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637151" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "60107", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/60107" }, { "name": "ibm-iehs-cve20130599-info-disclosure(83613)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83613" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637151" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-0599", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "60107", "refsource": "BID", "url": "http://www.securityfocus.com/bid/60107" }, { "name": "ibm-iehs-cve20130599-info-disclosure(83613)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83613" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21637151", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637151" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-0599", "datePublished": "2013-05-28T16:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T14:33:05.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2203
Vulnerability from cvelistv5
Published
2012-08-08 10:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/77280 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/51279 | third-party-advisory, x_refsource_SECUNIA | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.securityfocus.com/bid/54743 | vdb-entry, x_refsource_BID | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973 | vendor-advisory, x_refsource_AIXAPAR | |
http://www-01.ibm.com/support/docview.wss?uid=swg21606145 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "rds-gskit-pkcs-spoofing(77280)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77280" }, { "name": "51279", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51279" }, { "name": "IV31975", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975" }, { "name": "54743", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54743" }, { "name": "IV31973", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "rds-gskit-pkcs-spoofing(77280)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77280" }, { "name": "51279", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51279" }, { "name": "IV31975", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975" }, { "name": "54743", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54743" }, { "name": "IV31973", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2203", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "rds-gskit-pkcs-spoofing(77280)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77280" }, { "name": "51279", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51279" }, { "name": "IV31975", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975" }, { "name": "54743", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54743" }, { "name": "IV31973", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2203", "datePublished": "2012-08-08T10:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2191
Vulnerability from cvelistv5
Published
2012-08-08 10:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.
References
URL | Tags | |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980 | vendor-advisory, x_refsource_AIXAPAR | |
http://secunia.com/advisories/51279 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/75996 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/54743 | vdb-entry, x_refsource_BID | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981 | vendor-advisory, x_refsource_AIXAPAR | |
http://www-01.ibm.com/support/docview.wss?uid=swg21606145 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:09.007Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV31980", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980" }, { "name": "51279", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51279" }, { "name": "rds-recordlayer-dos(75996)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75996" }, { "name": "54743", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54743" }, { "name": "IV31981", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV31980", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980" }, { "name": "51279", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51279" }, { "name": "rds-recordlayer-dos(75996)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75996" }, { "name": "54743", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54743" }, { "name": "IV31981", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2191", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV31980", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980" }, { "name": "51279", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51279" }, { "name": "rds-recordlayer-dos(75996)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75996" }, { "name": "54743", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54743" }, { "name": "IV31981", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2191", "datePublished": "2012-08-08T10:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:09.007Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3089
Vulnerability from cvelistv5
Published
2014-08-22 01:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.
References
| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21681554 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94255 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/69300 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:35:55.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681554" }, { "name": "ibm-rds-cve20143089-cleartext(94255)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94255" }, { "name": "69300", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/69300" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-08-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681554" }, { "name": "ibm-rds-cve20143089-cleartext(94255)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94255" }, { "name": "69300", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/69300" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3089", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681554", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681554" }, { "name": "ibm-rds-cve20143089-cleartext(94255)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94255" }, { "name": "69300", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69300" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3089", "datePublished": "2014-08-22T01:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:35:55.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }