PT-2014-5080 · Ibm · Ibm Rational Directory Server+2

Publicado

2014-08-22

·

Atualizado

2017-08-29

·

CVE-2014-3089

CVSS v2.0

4.9

Média

VetorAV:L/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions IBM Rational Directory Server versions 5.1.1.x through 5.1.1.2 iFix003 IBM Rational Directory Server versions 5.2.x through 5.2.1 iFix002 Rational Directory Administrator version 6.0 through iFix001
Description The issue allows local users to obtain sensitive information by reading a library file, as the RDS Java Client library includes the cleartext root password.
Recommendations For IBM Rational Directory Server versions 5.1.1.x through 5.1.1.2 iFix003, update to version 5.1.1.2 iFix004 or later. For IBM Rational Directory Server versions 5.2.x through 5.2.1 iFix002, update to version 5.2.1 iFix003 or later. For Rational Directory Administrator version 6.0 through iFix001, update to version 6.0 iFix002 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

CVE-2014-3089

Produtos afetados

Ibm Rational Directory Server
Rds Java Client Library
Rational Directory Administrator