cvelistv5 - cve-2017-1207

CVE-2017-1207 (GCVE-0-2017-1207)

Vulnerability from cvelistv5 – Published: 2017-07-05 17:00 – Updated: 2024-09-17 03:22

Summary

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.

Severity ?

No CVSS data available.

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	x_refsource_MISC
	http://www.ibm.com/support/docview.wss?uid=swg22005382	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/99368	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	Integration Bus	Affected: 9.0 Affected: 10.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
          },
          {
            "name": "99368",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99368"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Integration Bus",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "10.0"
            }
          ]
        }
      ],
      "datePublic": "2017-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-06T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
        },
        {
          "name": "99368",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99368"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-06-30T00:00:00",
          "ID": "CVE-2017-1207",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Integration Bus",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "10.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22005382",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
            },
            {
              "name": "99368",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99368"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1207",
    "datePublished": "2017-07-05T17:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T03:22:49.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9244FCC7-99F7-4F90-99CD-12FFF5AD2514\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B859DAA9-1B0E-47CE-813D-108776C3B239\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2458C42A-90F7-457C-AAD6-205D9893A993\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BFEC988-5E94-474F-9A60-966B8FA8B8F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE5CCF85-8149-43DB-A594-99895D94F447\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA0D7E80-2607-4567-8D1C-2ADA32F174D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32E57C58-4A30-43BE-B8CC-E6B38E67AA8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2C048F0-D615-49E6-9B50-22E259C02C5B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"279685A5-23ED-49B1-AF42-2181054B7316\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"725E3F95-4096-497D-8F2A-02C185ACF8CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACB80DEF-E09A-4B51-96B8-75F0AD9C6499\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"576FE339-BD08-4994-B31A-15BC521650E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"371E03D4-BDD9-40A8-B24B-43C320C9F3E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C319D81D-E66B-47E6-A731-D5074314B94B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3A6D9A8-9196-4358-B2ED-BD103AB237F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"408B31F1-F945-4CEB-B6D4-2666A6B8B2C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0352390-F2E0-4F66-829B-79A0F210A622\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6309A833-9490-494A-BE3A-BA79133BD6E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50810A19-BEDC-4DF6-BA82-DAA1F96D5400\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97486673-4740-4F4F-8956-73C06B477096\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79E917E9-DE5E-482A-9A20-823DF475BE66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC25F42C-82EC-44EE-94AC-E85F428460D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA2BBC72-E5AD-4FAD-8F72-264794847D96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3797766-D2E5-4645-A793-ABA12A10CF10\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.\"}, {\"lang\": \"es\", \"value\": \"IBM WebSphere Message Broker almacena las credenciales del usuario en texto plano las cuales podr\\u00edan ser le\\u00eddas por un usuario local. IBM X-Force ID: 123777.\"}]",
      "id": "CVE-2017-1207",
      "lastModified": "2024-11-21T03:21:30.433",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-07-05T17:29:00.373",
      "references": "[{\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg22005382\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99368\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/123777\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg22005382\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99368\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/123777\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-1207\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2017-07-05T17:29:00.373\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.\"},{\"lang\":\"es\",\"value\":\"IBM WebSphere Message Broker almacena las credenciales del usuario en texto plano las cuales podr\u00edan ser le\u00eddas por un usuario local. IBM X-Force ID: 123777.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9244FCC7-99F7-4F90-99CD-12FFF5AD2514\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B859DAA9-1B0E-47CE-813D-108776C3B239\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2458C42A-90F7-457C-AAD6-205D9893A993\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BFEC988-5E94-474F-9A60-966B8FA8B8F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE5CCF85-8149-43DB-A594-99895D94F447\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA0D7E80-2607-4567-8D1C-2ADA32F174D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32E57C58-4A30-43BE-B8CC-E6B38E67AA8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2C048F0-D615-49E6-9B50-22E259C02C5B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"279685A5-23ED-49B1-AF42-2181054B7316\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"725E3F95-4096-497D-8F2A-02C185ACF8CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACB80DEF-E09A-4B51-96B8-75F0AD9C6499\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"576FE339-BD08-4994-B31A-15BC521650E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"371E03D4-BDD9-40A8-B24B-43C320C9F3E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C319D81D-E66B-47E6-A731-D5074314B94B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3A6D9A8-9196-4358-B2ED-BD103AB237F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"408B31F1-F945-4CEB-B6D4-2666A6B8B2C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0352390-F2E0-4F66-829B-79A0F210A622\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6309A833-9490-494A-BE3A-BA79133BD6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50810A19-BEDC-4DF6-BA82-DAA1F96D5400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97486673-4740-4F4F-8956-73C06B477096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79E917E9-DE5E-482A-9A20-823DF475BE66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC25F42C-82EC-44EE-94AC-E85F428460D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA2BBC72-E5AD-4FAD-8F72-264794847D96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3797766-D2E5-4645-A793-ABA12A10CF10\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22005382\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99368\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/123777\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22005382\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/123777\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]}]}}"
  }
}

GSD-2017-1207

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.

Aliases

CVE-2017-1207

Aliases

CVE-2017-1207

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-1207",
    "description": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.",
    "id": "GSD-2017-1207"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-1207"
      ],
      "details": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.",
      "id": "GSD-2017-1207",
      "modified": "2023-12-13T01:21:11.909463Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2017-06-30T00:00:00",
        "ID": "CVE-2017-1207",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Integration Bus",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "9.0"
                        },
                        {
                          "version_value": "10.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Obtain Information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
          },
          {
            "name": "http://www.ibm.com/support/docview.wss?uid=swg22005382",
            "refsource": "CONFIRM",
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
          },
          {
            "name": "99368",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99368"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1207"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777",
              "refsource": "MISC",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22005382",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
            },
            {
              "name": "99368",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99368"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-07-05T17:29Z"
    }
  }
}

CNVD-2017-22088

Vulnerability from cnvd - Published: 2017-08-21

Title

IBM Integration Bus信息泄露漏洞（CNVD-2017-22088）

Description

IBM Integration Bus（前称IBM WebSphere Message Broker）是美国IBM公司的一款企业服务总线（ESB）产品。该产品为面向服务架构（SOA）环境和非SOA环境提供连通性和通用数据转换。 IBM Integration Bus中存在信息泄露漏洞，该漏洞源于程序以明文的形式记录用户证书。本地攻击者可利用该漏洞读取用户证书。

Severity

低

Patch Name

IBM Integration Bus信息泄露漏洞（CNVD-2017-22088）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www-01.ibm.com/support/docview.wss?uid=swg22005382

Reference

http://www.securityfocus.com/bid/99368

Impacted products

Name
['IBM WebSphere Message Broker 8.0', 'IBM Integration Bus 10.0', 'IBM WebSphere Message Broker 8.0.0.8', 'IBM WebSphere Message Broker 8.0.0.7', 'IBM WebSphere Message Broker 8.0.0.6', 'IBM WebSphere Message Broker 8.0.0.4', 'IBM WebSphere Message Broker 8.0.0.3', 'IBM WebSphere Message Broker 8.0.0.2', 'IBM WebSphere Message Broker 8.0.0.1', 'IBM Integration Bus 9.0.0.7', 'IBM Integration Bus 9.0.0.4', 'IBM Integration Bus 9.0.0.3', 'IBM Integration Bus 9.0.0.1', 'IBM Integration Bus 9.0.0.0', 'IBM Integration Bus 10.0.0.7', 'IBM Integration Bus 10.0.0.6', 'IBM Integration Bus 10.0.0.5']

Name

['IBM WebSphere Message Broker 8.0', 'IBM Integration Bus 10.0', 'IBM WebSphere Message Broker 8.0.0.8', 'IBM WebSphere Message Broker 8.0.0.7', 'IBM WebSphere Message Broker 8.0.0.6', 'IBM WebSphere Message Broker 8.0.0.4', 'IBM WebSphere Message Broker 8.0.0.3', 'IBM WebSphere Message Broker 8.0.0.2', 'IBM WebSphere Message Broker 8.0.0.1', 'IBM Integration Bus 9.0.0.7', 'IBM Integration Bus 9.0.0.4', 'IBM Integration Bus 9.0.0.3', 'IBM Integration Bus 9.0.0.1', 'IBM Integration Bus 9.0.0.0', 'IBM Integration Bus 10.0.0.7', 'IBM Integration Bus 10.0.0.6', 'IBM Integration Bus 10.0.0.5']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99368"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1207"
    }
  },
  "description": "IBM Integration Bus\uff08\u524d\u79f0IBM WebSphere Message Broker\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u4f01\u4e1a\u670d\u52a1\u603b\u7ebf\uff08ESB\uff09\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u4e3a\u9762\u5411\u670d\u52a1\u67b6\u6784\uff08SOA\uff09\u73af\u5883\u548c\u975eSOA\u73af\u5883\u63d0\u4f9b\u8fde\u901a\u6027\u548c\u901a\u7528\u6570\u636e\u8f6c\u6362\u3002\r\n\r\nIBM Integration Bus\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4ee5\u660e\u6587\u7684\u5f62\u5f0f\u8bb0\u5f55\u7528\u6237\u8bc1\u4e66\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u7528\u6237\u8bc1\u4e66\u3002",
  "discovererName": "IBM",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg22005382",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-22088",
  "openTime": "2017-08-21",
  "patchDescription": "IBM Integration Bus\uff08\u524d\u79f0IBM WebSphere Message Broker\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u4f01\u4e1a\u670d\u52a1\u603b\u7ebf\uff08ESB\uff09\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u4e3a\u9762\u5411\u670d\u52a1\u67b6\u6784\uff08SOA\uff09\u73af\u5883\u548c\u975eSOA\u73af\u5883\u63d0\u4f9b\u8fde\u901a\u6027\u548c\u901a\u7528\u6570\u636e\u8f6c\u6362\u3002\r\n\r\nIBM Integration Bus\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4ee5\u660e\u6587\u7684\u5f62\u5f0f\u8bb0\u5f55\u7528\u6237\u8bc1\u4e66\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u7528\u6237\u8bc1\u4e66\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Integration Bus\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-22088\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM WebSphere Message Broker 8.0",
      "IBM Integration Bus 10.0",
      "IBM WebSphere Message Broker  8.0.0.8",
      "IBM WebSphere Message Broker   8.0.0.7",
      "IBM WebSphere Message Broker   8.0.0.6",
      "IBM WebSphere Message Broker   8.0.0.4",
      "IBM WebSphere Message Broker   8.0.0.3",
      "IBM WebSphere Message Broker   8.0.0.2",
      "IBM WebSphere Message Broker   8.0.0.1",
      "IBM Integration Bus 9.0.0.7",
      "IBM Integration Bus  9.0.0.4",
      "IBM Integration Bus  9.0.0.3",
      "IBM Integration Bus  9.0.0.1",
      "IBM Integration Bus  9.0.0.0",
      "IBM Integration Bus  10.0.0.7",
      "IBM Integration Bus  10.0.0.6",
      "IBM Integration Bus  10.0.0.5"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/99368",
  "serverity": "\u4f4e",
  "submitTime": "2017-07-06",
  "title": "IBM Integration Bus\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-22088\uff09"
}

FKIE_CVE-2017-1207

Vulnerability from fkie_nvd - Published: 2017-07-05 17:29 - Updated: 2025-04-20 01:37

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22005382	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/99368	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/123777	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22005382	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99368	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/123777	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	websphere_message_broker	8.0.0.0
ibm	websphere_message_broker	8.0.0.1
ibm	websphere_message_broker	8.0.0.2
ibm	websphere_message_broker	8.0.0.3
ibm	websphere_message_broker	8.0.0.4
ibm	websphere_message_broker	8.0.0.5
ibm	websphere_message_broker	8.0.0.6
ibm	websphere_message_broker	8.0.0.7
ibm	integration_bus	9.0.0
ibm	integration_bus	9.0.0.1
ibm	integration_bus	9.0.0.2
ibm	integration_bus	9.0.0.3
ibm	integration_bus	9.0.0.4
ibm	integration_bus	9.0.0.5
ibm	integration_bus	9.0.0.6
ibm	integration_bus	9.0.0.7
ibm	integration_bus	10.0.0
ibm	integration_bus	10.0.0.1
ibm	integration_bus	10.0.0.2
ibm	integration_bus	10.0.0.3
ibm	integration_bus	10.0.0.4
ibm	integration_bus	10.0.0.5
ibm	integration_bus	10.0.0.6
ibm	integration_bus	10.0.0.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9244FCC7-99F7-4F90-99CD-12FFF5AD2514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B859DAA9-1B0E-47CE-813D-108776C3B239",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2458C42A-90F7-457C-AAD6-205D9893A993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFEC988-5E94-474F-9A60-966B8FA8B8F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE5CCF85-8149-43DB-A594-99895D94F447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA0D7E80-2607-4567-8D1C-2ADA32F174D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32E57C58-4A30-43BE-B8CC-E6B38E67AA8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C048F0-D615-49E6-9B50-22E259C02C5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "279685A5-23ED-49B1-AF42-2181054B7316",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "725E3F95-4096-497D-8F2A-02C185ACF8CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB80DEF-E09A-4B51-96B8-75F0AD9C6499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "576FE339-BD08-4994-B31A-15BC521650E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "371E03D4-BDD9-40A8-B24B-43C320C9F3E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C319D81D-E66B-47E6-A731-D5074314B94B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A6D9A8-9196-4358-B2ED-BD103AB237F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "408B31F1-F945-4CEB-B6D4-2666A6B8B2C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0352390-F2E0-4F66-829B-79A0F210A622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6309A833-9490-494A-BE3A-BA79133BD6E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "50810A19-BEDC-4DF6-BA82-DAA1F96D5400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97486673-4740-4F4F-8956-73C06B477096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E917E9-DE5E-482A-9A20-823DF475BE66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC25F42C-82EC-44EE-94AC-E85F428460D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA2BBC72-E5AD-4FAD-8F72-264794847D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3797766-D2E5-4645-A793-ABA12A10CF10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777."
    },
    {
      "lang": "es",
      "value": "IBM WebSphere Message Broker almacena las credenciales del usuario en texto plano las cuales podr\u00edan ser le\u00eddas por un usuario local. IBM X-Force ID: 123777."
    }
  ],
  "id": "CVE-2017-1207",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-05T17:29:00.373",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99368"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-C4PV-CXP6-V96J

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42

Details

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.

Severity ?

5.5 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-1207"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-05T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.",
  "id": "GHSA-c4pv-cxp6-v96j",
  "modified": "2022-05-13T01:42:36Z",
  "published": "2022-05-13T01:42:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1207"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123777"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22005382"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99368"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-1207 (GCVE-0-2017-1207)

GSD-2017-1207

CNVD-2017-22088

FKIE_CVE-2017-1207

GHSA-C4PV-CXP6-V96J

Tags

Sightings

Nomenclature