PT-2014-5080 · Ibm · Ibm Rational Directory Server+2

Published

2014-08-22

Updated

2017-08-29

CVE-2014-3089

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Rational Directory Server versions 5.1.1.x through 5.1.1.2 iFix003 IBM Rational Directory Server versions 5.2.x through 5.2.1 iFix002 Rational Directory Administrator version 6.0 through iFix001

Description The issue allows local users to obtain sensitive information by reading a library file, as the RDS Java Client library includes the cleartext root password.

Recommendations For IBM Rational Directory Server versions 5.1.1.x through 5.1.1.2 iFix003, update to version 5.1.1.2 iFix004 or later. For IBM Rational Directory Server versions 5.2.x through 5.2.1 iFix002, update to version 5.2.1 iFix003 or later. For Rational Directory Administrator version 6.0 through iFix001, update to version 6.0 iFix002 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2014-3089

Affected Products

Ibm Rational Directory Server

Rds Java Client Library

Rational Directory Administrator

PT-2014-5080 · Ibm · Ibm Rational Directory Server+2

CVE-2014-3089

Weakness Enumeration

Related Identifiers

Affected Products

References · 4