CVE-2012-4832

EUVD-2012-4757
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
ibminfosphere_business_glossary
8.1.1
ibminfosphere_business_glossary
8.1.2
ibminfosphere_information_server
8.1
ibminfosphere_information_server
8.5
ibminfosphere_information_server
8.5.0.1
ibminfosphere_information_server
8.5.0.2
ibminfosphere_information_server
8.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21623501
https://exchange.xforce.ibmcloud.com/vulnerabilities/78906
http://www-01.ibm.com/support/docview.wss?uid=swg21623501
https://exchange.xforce.ibmcloud.com/vulnerabilities/78906