CVE-2014-4875

Name of the Vulnerable Software and Affected Versions Toshiba CHEC versions prior to 6.6 build 4014 Toshiba CHEC versions 6.7 prior to build 4329

Description The issue concerns a hardcoded AES key in CreateBossCredentials.jar, which can be exploited by attackers to obtain Back Office System Server (BOSS) DB2 database credentials. This can be achieved by leveraging knowledge of the hardcoded key in conjunction with read access to bossinfo.pro.

Recommendations For versions prior to 6.6 build 4014, update to a version that includes build 4014 or later to resolve the issue. For versions 6.7 prior to build 4329, update to a version that includes build 4329 or later to resolve the issue. As a temporary workaround, consider restricting read access to bossinfo.pro to minimize the risk of exploitation.