exploitDog

CVE-2014-4875

Опубликовано: 24 июн. 2015

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.

Ссылки

http://www.kb.cert.org/vuls/id/301788
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/JLAD-9X4SPN
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/301788
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/JLAD-9X4SPN
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:toshiba:chec:*:*:*:*:*:*:*:*

Версия до 6.6 (включая)

cpe:2.3:a:toshiba:chec:6.7:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00344

Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-29p3-gxfx-6jvv

github

больше 3 лет назад

CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.

EPSS

Процентиль: 56%

0.00344

Низкий

5 Medium

CVSS2

Дефекты

CWE-200