VAR-201501-0185
Vulnerability from variot - Updated: 2023-12-18 11:39Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM before 3.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Backup Restore. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Backup Restore' sub component is affected. This vulnerability affects the following supported versions: ILOM prior to 3.2.4. It can manage and monitor components installed in the server, and remotely manage the server. Remote attackers can use this vulnerability to read data, affecting data confidentiality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0185",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.3"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "3.2.3"
},
{
"model": "integrated lights out manager",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "3.2.4"
},
{
"model": "cms r17 r3",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "cms r16 r6",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "cms r16",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "72177"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001203"
},
{
"db": "NVD",
"id": "CVE-2014-6584"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-459"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6584"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "72177"
}
],
"trust": 0.3
},
"cve": "CVE-2014-6584",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-6584",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-74528",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-6584",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-459",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-74528",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-6584",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74528"
},
{
"db": "VULMON",
"id": "CVE-2014-6584"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001203"
},
{
"db": "NVD",
"id": "CVE-2014-6584"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-459"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM before 3.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Backup Restore. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability. \nThe vulnerability can be exploited over the \u0027HTTP\u0027 protocol. The \u0027Backup Restore\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\nILOM prior to 3.2.4. It can manage and monitor components installed in the server, and remotely manage the server. Remote attackers can use this vulnerability to read data, affecting data confidentiality",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6584"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001203"
},
{
"db": "BID",
"id": "72177"
},
{
"db": "VULHUB",
"id": "VHN-74528"
},
{
"db": "VULMON",
"id": "CVE-2014-6584"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-6584",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1031594",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001203",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-459",
"trust": 0.7
},
{
"db": "BID",
"id": "72177",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-74528",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-6584",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74528"
},
{
"db": "VULMON",
"id": "CVE-2014-6584"
},
{
"db": "BID",
"id": "72177"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001203"
},
{
"db": "NVD",
"id": "CVE-2014-6584"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-459"
}
]
},
"id": "VAR-201501-0185",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-74528"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:39:54.627000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
},
{
"title": "January 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6584"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001203"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6584"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1031594"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6584"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6584"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101007405"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/72177"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74528"
},
{
"db": "VULMON",
"id": "CVE-2014-6584"
},
{
"db": "BID",
"id": "72177"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001203"
},
{
"db": "NVD",
"id": "CVE-2014-6584"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-459"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-74528"
},
{
"db": "VULMON",
"id": "CVE-2014-6584"
},
{
"db": "BID",
"id": "72177"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001203"
},
{
"db": "NVD",
"id": "CVE-2014-6584"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-459"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-74528"
},
{
"date": "2015-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6584"
},
{
"date": "2015-01-20T00:00:00",
"db": "BID",
"id": "72177"
},
{
"date": "2015-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001203"
},
{
"date": "2015-01-21T15:28:22.070000",
"db": "NVD",
"id": "CVE-2014-6584"
},
{
"date": "2015-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-459"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-23T00:00:00",
"db": "VULHUB",
"id": "VHN-74528"
},
{
"date": "2016-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6584"
},
{
"date": "2015-05-07T17:28:00",
"db": "BID",
"id": "72177"
},
{
"date": "2015-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001203"
},
{
"date": "2016-06-23T11:55:26.547000",
"db": "NVD",
"id": "CVE-2014-6584"
},
{
"date": "2015-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-459"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-459"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of Integrated Lights Out Manager (ILOM) In Backup Restore Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001203"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "72177"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…