Описание
The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:rational_focal_point:6.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_focal_point:6.6.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00225
Низкий
5 Medium
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
больше 3 лет назад
The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.
EPSS
Процентиль: 45%
0.00225
Низкий
5 Medium
CVSS2
Дефекты
CWE-255