Описание
The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:rational_directory_administrator:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_directory_administrator:6.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_directory_server:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_directory_server:5.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_directory_server:5.1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_directory_server:5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_directory_server:5.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_directory_server:5.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_directory_server:5.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.00049
Низкий
4.9 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.
EPSS
Процентиль: 15%
0.00049
Низкий
4.9 Medium
CVSS2
Дефекты
CWE-310